Re: [webauthn] #sec-authenticator-data section implies authnr enforces RP ID being eTLD+1

Yes, there's no way for the authenticator to make that validation. I agree that ", and that the RP ID is a registrable domain suffix of or is equal to the effective domain of the RP’s origin's effective domain" should be removed.

GitHub Notification of comment by emlun
Please view or discuss this issue at using your GitHub account

Received on Wednesday, 6 June 2018 17:03:51 UTC