Ah yes, section 4.4 is indeed inconsistent as you point out. But doesn't `allowCredentials` already enable these features? Of course that assumes the RP has stored device metadata in the registration ceremony, but the RP would need that metadata anyway in order to verify that the user agent obeys the `authenticatorSelection`. -- GitHub Notification of comment by emlun Please view or discuss this issue at https://github.com/w3c/webauthn/issues/583#issuecomment-333842210 using your GitHub accountReceived on Tuesday, 3 October 2017 13:30:33 UTC
This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:28 UTC