- From: Firstyear via GitHub <sysbot+gh@w3.org>
- Date: Sat, 10 Apr 2021 23:45:38 +0000
- To: public-webauthn@w3.org
@rlin1 That's fine, but I think that the standard needs to not only express what it can do, but also advise on what it can not and make constructive links to things like the webcrypto api or others that are able to solve this problem. IE in the section about assertion it should clearly state that the nonce should not be used to sign arbitrary data, should reference the links you provide, and give reasons. -- GitHub Notification of comment by Firstyear Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1595#issuecomment-817217895 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Saturday, 10 April 2021 23:45:40 UTC