- From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
- Date: Tue, 08 Oct 2019 11:24:47 +0000
- To: public-webauthn@w3.org
Sorry for the delay. Yes, for the extensions where the client extension outputs forwards the authenticator extension outputs, I'd say the authenticator extension outputs in the signed AuthData should be preferred over the unsigned client extension outputs. For extensions where the client extension output and authenticator extension output are different (`appid`, `authnSel`, `biometricPerfBounds`, `credProps`), the RP should inspect both (none of those extensions have authenticator extension output, but future extensions might). -- GitHub Notification of comment by emlun Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1258#issuecomment-539469065 using your GitHub account
Received on Tuesday, 8 October 2019 11:24:48 UTC