Yes, there's no way for the authenticator to make that validation. I agree that ", and that the RP ID is a registrable domain suffix of or is equal to the effective domain of the RP’s origin's effective domain" should be removed. -- GitHub Notification of comment by emlun Please view or discuss this issue at https://github.com/w3c/webauthn/issues/933#issuecomment-395142256 using your GitHub accountReceived on Wednesday, 6 June 2018 17:03:51 UTC
This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:33 UTC