discussed on 2018-03-28 webauthn call: @christiaanbrand acks that they have been thinking about this -- thinks their current impl ignores the spec in this case... at least on Android, they know that a "key got wiped" and so can be smarter about it, but am not sure all platforms have that info available. @akshayku how do you know to fallback to the external authnrs in this case? @christiaanbrand: android knows that a key existed at one time. wonders whether we ought to introduce the attachment parm to the get() request (#getAssertion). this is not optimal soln because what if user is using different profiles/personas (?).... need to think about this. @akshayku: windows has system restore notion which wipes the entire machine and all knowledge goes away.... platformResident keys will disappear... @christiaanbrand: there's a bunch of subtleties to this and wishes to discuss this further -- GitHub Notification of comment by equalsJeffH Please view or discuss this issue at https://github.com/w3c/webauthn/issues/851#issuecomment-376979013 using your GitHub accountReceived on Wednesday, 28 March 2018 17:59:02 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:58:48 UTC