- From: Alexei Czeskis via GitHub <sysbot+gh@w3.org>
- Date: Fri, 16 Feb 2018 21:14:50 +0000
- To: public-webauthn@w3.org
CTAP2 authenticators must gather consent before replying with `CTAP2_ERR_CREDENTIAL_EXCLUDED`: > When an authenticatorMakeCredential request is received, the authenticator performs the following procedure: > > If the excludeList parameter is present and contains a credential ID that is present on this authenticator and bound to the specified rpId, wait for user presence, then terminate this procedure and return error code CTAP2_ERR_CREDENTIAL_EXCLUDED. User presence check is required for CTAP2 authenticators before the RP gets told that the token is already registered to behave similarly to CTAP1/U2F authenticators. The procedure @agl suggests is what we do for U2F (CTAP1) authenticators today -- they do not have resident keys. -- GitHub Notification of comment by leshi Please view or discuss this issue at https://github.com/w3c/webauthn/issues/806#issuecomment-366360262 using your GitHub account
Received on Friday, 16 February 2018 21:14:51 UTC