Re: [webauthn] Note to encourage storage of registered credential details (#1556)

> So there's at least something out in the wild taking an opinionated stance on what information out of an attestation is/might be useful for future-proofing an RP as utilization of WebAuthn grows and the spec evolves.

I think this is a good summary of it. Webauthn does not exist in a vacuum, it will be used in a variety of new and different scenarios and methods. Having the standard correctly show what can and can not be used to develop security and account policy in various ways will help to ensure that implementors are "holding it correctly". 

GitHub Notification of comment by Firstyear
Please view or discuss this issue at using your GitHub account

Sent via github-notify-ml as configured in

Received on Monday, 8 February 2021 03:30:23 UTC