Re: [webauthn] Indicate resident key credential "preferred" during registration and find out what the authenticator offered (#991) from Emil Lundberg via GitHub on 2019-03-28 (public-webauthn@w3.org from March 2019)

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Thu, 28 Mar 2019 19:59:57 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-477749206-1553803196-sysbot+gh@w3.org>

Ok, but in that case we would have to issue errata for WebAuthn L1 also, since [`authenticatorMakeCredential` step 7.4][amc] reads (bold emphasis added)

>4. If _requireResidentKey_ is `true` **or the authenticator chooses to create a client-side-resident** public key credential source:

Can we do that? I suspedt there are platform authenticators that create an RK even if `rk=false`.

[amc]: https://www.w3.org/TR/webauthn/#ref-for-client-side-resident-public-key-credential-source%E2%91%A4


-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/991#issuecomment-477749206 using your GitHub account

Received on Thursday, 28 March 2019 20:00:00 UTC