To summarize thoughts discussed on the Working Group's call on this topic, if an RP receives an unwanted or unsupported attestation format, it should be handled at the discretion of the RP to be either ignored or handled in some other way. The specification or the client device should be explicit in saying whether unwarranted attestation data should be ignored or discarded. -- GitHub Notification of comment by nicksteele Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1485#issuecomment-698613283 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-configReceived on Thursday, 24 September 2020 22:05:54 UTC
This archive was generated by hypermail 2.4.0 : Thursday, 24 September 2020 22:05:56 UTC