Re: [webauthn] public key cred - fixes #406

@AngeloKai In your informal vote, what did your coworkers think a device- or authenticator-bound credential would imply? What did they think a public-key credential would imply?

IIUC, with self-attested keys, there's not actually a guarantee that the key is bound to the client? Whereas there is always a public/private key pair involved?

(None of the ScopedCredential interface survived the first TAG review: they said to merge it into Credential Manager.)

GitHub Notification of comment by jyasskin
Please view or discuss this issue at using your GitHub account

Received on Tuesday, 2 May 2017 22:53:52 UTC