W3C home > Mailing lists > Public > public-webauthn@w3.org > September 2020

Re: [webauthn] New platform authenticators are making discoverable credentials regardless of residentKey=false passed to Create() (#1457)

From: Akshay Kumar via GitHub <sysbot+gh@w3.org>
Date: Wed, 02 Sep 2020 19:57:57 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-685963467-1599076676-sysbot+gh@w3.org>
There are other options on the table. 

- RP can do platform based logic.
- RP can ask all platforms to support resident keys.
- RP's can include exclude list all the time. 

We probably will change it to support non-discoverability and not make it a resident key. But we are not in favor or reintroducing "forbidden" option.

GitHub Notification of comment by akshayku
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1457#issuecomment-685963467 using your GitHub account

Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 2 September 2020 19:57:59 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 2 September 2020 19:58:00 UTC