- From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
- Date: Wed, 17 Apr 2019 13:59:38 +0000
- To: public-webauthn@w3.org
> fetching URL from the remote source (https) happens at the time of registration once and then such fetched icon is stored in the authenticator That behaviour is not mandated by the spec, in fact neither WebAuthn nor CTAP says anything about what the authenticator is supposed to do with `rp.icon` other than somehow "store" it. It's equally permissible for the authenticator to simply store the `https:` URL without resolving it. -- GitHub Notification of comment by emlun Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1200#issuecomment-484102011 using your GitHub account
Received on Wednesday, 17 April 2019 13:59:40 UTC