- From: Ibrahim Damlaj via GitHub <sysbot+gh@w3.org>
- Date: Mon, 02 Oct 2017 17:27:32 +0000
- To: public-webauthn@w3.org
I support dropping the TUP requirement for platform (built-in authenticators). We should do this only if excludeCredentials.length == 0, otherwise a relying party may silently query for credentials via the excludeCredentials parameter. -- GitHub Notification of comment by idamlaj Please view or discuss this issue at https://github.com/w3c/webauthn/issues/564#issuecomment-333604274 using your GitHub account
Received on Monday, 2 October 2017 17:28:16 UTC