[webauthn] Add a fingerprinting (#1173)

jcjones has just created a new issue for https://github.com/w3c/webauthn:

== Add a fingerprinting  ==
In Mozilla's [bug 1526023](https://bugzilla.mozilla.org/show_bug.cgi?id=1526023), we [added a non-standard WebIDL method to `PublicKeyCredential`](https://hg.mozilla.org/releases/mozilla-beta/rev/ff2c3fd26b15):
```
static Promise<boolean> isExternalCTAP2SecurityKeySupported();
```

We did this to avoid worse fingerprinting of Firefox CTAP2 support via user agent sniffing. The details are available in the bug.

I dislike adding fingerprinting surface, but the alternative for this situation was for RPs to have knowledge that Firefox 66 on Windows 10 build `${buildnumber}` to have CTAP2 support, and others do not. 

Perhaps this is something the WG should consider adding to the spec.

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1173 using your GitHub account

Received on Thursday, 7 March 2019 18:41:28 UTC