W3C home > Mailing lists > Public > public-webauthn@w3.org > June 2018

Re: [webauthn] Consider allowing RPs to indicate that they want platform authenticators to be synced across devices

From: Patrick Toomey via GitHub <sysbot+gh@w3.org>
Date: Thu, 28 Jun 2018 16:11:33 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-401089126-1530202287-sysbot+gh@w3.org>
> Actually, it's rather something they need to opt out of, since the RP by default will not ask for attestation.

This was my thought as well. It feels like the cases where a RP would require a attestation might be the exception and not the rule. So, a default of no attestation would imply that the RP assumes nothing about the authenticator (which is probably fine for the vast majority of RPs). And, if they do want to have restrictions, the RP looks for an attestation from an authenticator capable of that. 



-- 
GitHub Notification of comment by ptoomey3
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/969#issuecomment-401089126 using your GitHub account
Received on Thursday, 28 June 2018 16:11:40 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:33 UTC