Re: [webauthn] fix #658: add user cancelled operation Note

This might be slightly unrelated to this particular PR, but should these steps also make the client stop accepting new authenticators (but not terminate the timer) in step 19/17?

What I mean is, say an operation is initiated with two authenticators connected. The user cancels the operation on one of them, and the client then cancels the operation on the other authenticator as well. Say the user then plugs in a third authenticator, perhaps for a completely unrelated purpose. As currently specified (likely a relic from before hot plugging), the client would initiate the operation anew with this authenticator, which might surprise the user since they just canceled it. It could in some cases lead to the user inadvertently accepting the WebAuthn operation instead of the unrelated task they plugged in the authenticator for.

What do you think?

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/760#issuecomment-360095734 using your GitHub account

Received on Wednesday, 24 January 2018 11:00:40 UTC
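
The scenario raised in the comment above, as an added example that is not part of the original message or of the WebAuthn specification text: a simplified JavaScript model of the client's authenticator handling, in which the class, method and flag names are hypothetical. It compares the behaviour the comment describes as currently specified with the proposed one, where a user cancel stops the client from accepting new authenticators while the timer keeps running.

```javascript
// Simplified model of the client-side ceremony described in the comment.
// Constructed for illustration; names are hypothetical, not spec terms.
class Ceremony {
  constructor({ stopAcceptingAfterCancel }) {
    this.stopAcceptingAfterCancel = stopAcceptingAfterCancel;
    this.active = new Set();   // authenticators with the operation pending
    this.accepting = true;     // may newly attached authenticators be used?
    this.timerRunning = true;  // ceremony lifetime timer
    this.log = [];
  }

  // An authenticator becomes available (present at start, or hot-plugged).
  attach(id) {
    if (!this.timerRunning || !this.accepting) {
      this.log.push(`ignore:${id}`);
      return false;
    }
    this.active.add(id);
    this.log.push(`start:${id}`);
    return true;
  }

  // The user cancels on one authenticator; the client cancels the others.
  userCancel(id) {
    if (!this.active.has(id)) return;
    this.active.delete(id);
    this.log.push(`user-cancel:${id}`);
    for (const other of this.active) this.log.push(`client-cancel:${other}`);
    this.active.clear();
    // Proposed behaviour: stop accepting, but leave the timer untouched.
    if (this.stopAcceptingAfterCancel) this.accepting = false;
  }
}

// Two authenticators connected, user cancels on A, then hot-plugs C.
function scenario(stopAcceptingAfterCancel) {
  const c = new Ceremony({ stopAcceptingAfterCancel });
  c.attach("A");
  c.attach("B");
  c.userCancel("A");
  const restartedOnC = c.attach("C");
  return { restartedOnC, timerRunning: c.timerRunning, log: c.log };
}

console.log("as described:", scenario(false).log.join(" "));
console.log("proposed:    ", scenario(true).log.join(" "));
```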