[webauthn] Add a fingerprinting (#1173) from J.C. Jones via GitHub on 2019-03-07 (public-webauthn@w3.org from March 2019)

From: J.C. Jones via GitHub <sysbot+gh@w3.org>
Date: Thu, 07 Mar 2019 18:41:26 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-418456820-1551984085-sysbot+gh@w3.org>

jcjones has just created a new issue for https://github.com/w3c/webauthn:

== Add a fingerprinting  ==
In Mozilla's [bug 1526023](https://bugzilla.mozilla.org/show_bug.cgi?id=1526023), we [added a non-standard WebIDL method to `PublicKeyCredential`](https://hg.mozilla.org/releases/mozilla-beta/rev/ff2c3fd26b15):
```
static Promise<boolean> isExternalCTAP2SecurityKeySupported();
```

We did this to avoid worse fingerprinting of Firefox CTAP2 support via user agent sniffing. The details are available in the bug.

I dislike adding fingerprinting surface, but the alternative for this situation was for RPs to have knowledge that Firefox 66 on Windows 10 build `${buildnumber}` to have CTAP2 support, and others do not. 

Perhaps this is something the WG should consider adding to the spec.

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1173 using your GitHub account

Received on Thursday, 7 March 2019 18:41:28 UTC