- From: Adam Langley via GitHub <sysbot+gh@w3.org>
- Date: Thu, 15 Feb 2018 17:12:46 +0000
- To: public-webauthn@w3.org
I don't have any specific change in mind, I just implemented support for `appid` yesterday and realised that I don't understand the reason for a lot of the current behaviour. For example, what bad thing can happen if RPs don't check the that the extensions in the CollectedClientData are a subset as they're supposed to? Since the empty set is a subset, can Chrome just leave these things empty and everything's cool? If forced to pose the question in the form of a change: what objections arise from removing the `clientExtensions` and `authenticatorExtensions` from CollectedClientData? -- GitHub Notification of comment by agl Please view or discuss this issue at https://github.com/w3c/webauthn/issues/803#issuecomment-365996510 using your GitHub account
Received on Thursday, 15 February 2018 17:12:49 UTC