Re: [webauthn] Prevent browsers from deleting credentials that the RP wanted to be server-side (#1569)

> There are many user-verifying authenticators that are not a platform authenticators and Yubico already sells one. May be you are confusing fingerprint based authenticators with user-verifying based authenticators. user verifying authenticators also consists of authenticators which are local PIN based.

I *believe* understand the UV/PA/RK properties well enough.

My point is more that the API does not allow us to distinguish PA/RK for existing registrations, especially if we did not save transport data. So if we wanted to enforce UV+PA for new registrations, we wouldn't know which old registrations satisfy it.

GitHub Notification of comment by lgarron
Please view or discuss this issue at using your GitHub account

Sent via github-notify-ml as configured in

Received on Wednesday, 10 February 2021 20:16:19 UTC