Re: [webauthn] Move PRF Extension into its own specification (#1462) from John Bradley via GitHub on 2020-09-04 (public-webauthn@w3.org from September 2020)

From: John Bradley via GitHub <sysbot+gh@w3.org>
Date: Fri, 04 Sep 2020 18:22:47 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-687308792-1599243766-sysbot+gh@w3.org>

The problem is currently that authenticators don't respond with the HMAC extension without UP.

In principal we should change that so that it always replies but has different seeds for "uv=1" , uv=0 and up=1, and   uv=0 and up=0.  That probably makes sense for iOT applications as well. 

I personally see this fitting with the WebAuthn flow for SSI and SIOP applications as well as password managers.    I don't think that is mutually exclusive with allowing webCrypto access.   I would like to see both.

-- 
GitHub Notification of comment by ve7jtb
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1462#issuecomment-687308792 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Friday, 4 September 2020 18:22:49 UTC