Re: [webauthn] Justify differences in TPM Attestation Verification procedures in WebAuthn versus TCG specifications

Finally I got to look at this issue, and the reason why those fields are missing is that those fields are not really actionable in themselves. We are ignoring all these fields.

QualifiedSigner and clockInfo don't really have to be checked, and normal consumption of these attestations in the field usually ignores them. Similarly, firmware version is something on which we cannot give guidance about which ones to use and which ones not to.

At best, these fields are signals to a risk engine, and an RP MAY choose to look at these in some risk-engine situation, but there are no actionable verification steps that we can specify here.

-- 
GitHub Notification of comment by akshayku
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/372#issuecomment-363989161 using your GitHub account

Received on Thursday, 8 February 2018 03:13:14 UTC
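As an added illustration (not part of the comment above, and not code from the WebAuthn spec or the w3c/webauthn project): a parser for the certInfo blob (TPMS_ATTEST) that lets only the fields WebAuthn actually verifies (magic, type, extraData, attested.name) decide the verdict, while qualifiedSigner, clockInfo and firmwareVersion are extracted and returned as risk signals. The certInfo/pubArea sample is constructed, and signature and AIK certificate chain verification are assumed to happen elsewhere.

```python
import hashlib
import struct

TPM_GENERATED_VALUE = 0xFF544347  # TPMS_ATTEST.magic
TPM_ST_ATTEST_CERTIFY = 0x8017    # TPMS_ATTEST.type produced by TPM2_Certify
HASH_BY_ALG = {0x0004: "sha1", 0x000B: "sha256", 0x000C: "sha384", 0x000D: "sha512"}

def _read2b(buf, off):
    """Read a TPM2B (UINT16 size + bytes) at off; return (bytes, next offset)."""
    (size,) = struct.unpack_from(">H", buf, off)
    return buf[off + 2:off + 2 + size], off + 2 + size
def _pack2b(b): return struct.pack(">H", len(b)) + b

def parse_tpms_attest(cert_info):
    """Split certInfo into the fields WebAuthn checks and the ones it only passes on."""
    magic, typ = struct.unpack_from(">IH", cert_info, 0)
    qualified_signer, off = _read2b(cert_info, 6)
    extra_data, off = _read2b(cert_info, off)
    clock, resets, restarts, safe, fw = struct.unpack_from(">QIIBQ", cert_info, off)
    name, _ = _read2b(cert_info, off + 25)  # TPMS_CERTIFY_INFO.name; qualifiedName follows
    return {
        "checked": {"magic": magic, "type": typ, "extraData": extra_data, "name": name},
        "signals": {"qualifiedSigner": qualified_signer, "firmwareVersion": fw,
                    "clockInfo": {"clock": clock, "resetCount": resets,
                                  "restartCount": restarts, "safe": bool(safe)}},
    }

def verify_cert_info(cert_info, att_to_be_signed, pub_area, sig_hash="sha256"):
    """Apply only the certInfo checks WebAuthn specifies; return (ok, risk signals).
    Signature and AIK certificate chain verification are assumed done elsewhere."""
    parsed = parse_tpms_attest(cert_info)
    c = parsed["checked"]
    name_alg = struct.unpack_from(">H", pub_area, 2)[0]  # TPMT_PUBLIC.nameAlg
    expected_name = struct.pack(">H", name_alg) + hashlib.new(HASH_BY_ALG[name_alg], pub_area).digest()
    ok = (c["magic"] == TPM_GENERATED_VALUE and c["type"] == TPM_ST_ATTEST_CERTIFY
          and c["extraData"] == hashlib.new(sig_hash, att_to_be_signed).digest()
          and c["name"] == expected_name)
    return ok, parsed["signals"]  # signals go to the risk engine, never into the verdict

def build_sample():
    """Constructed certInfo/pubArea pair (not real TPM output) that exercises the parser."""
    pub_area = struct.pack(">HH", 0x0001, 0x000B) + b"\x00" * 8  # type RSA, nameAlg SHA256, rest dummy
    att_to_be_signed = b"authenticatorData||clientDataHash (constructed)"
    name = struct.pack(">H", 0x000B) + hashlib.sha256(pub_area).digest()
    cert_info = struct.pack(">IH", TPM_GENERATED_VALUE, TPM_ST_ATTEST_CERTIFY)
    cert_info += _pack2b(b"\x00\x0b" + b"\x11" * 32)  # qualifiedSigner: AIK name (dummy)
    cert_info += _pack2b(hashlib.sha256(att_to_be_signed).digest())
    cert_info += struct.pack(">QIIBQ", 123456789, 7, 2, 1, 0x0102030405060708)  # clockInfo + firmwareVersion
    cert_info += _pack2b(name) + _pack2b(name)  # attested.name, attested.qualifiedName
    return cert_info, att_to_be_signed, pub_area
```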