- From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
- Date: Thu, 23 Jan 2020 13:36:57 +0000
- To: public-webauthn@w3.org
Another thought I just had: maybe it would make sense to make the simplified API available only if the request sets `attestation: "none"` (either explicitly or by default)? In every other case the RP does actively care about attestation, so then it seems prudent to not expose the insecure API variant so it can't be used by mistake. -- GitHub Notification of comment by emlun Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1363#issuecomment-577684291 using your GitHub account
Received on Thursday, 23 January 2020 13:36:59 UTC