Re: [webauthn] Can RPs assume that `InvalidStateError` for `create()` means an excludeCredentials match? (#1566) from Arshad Noor via GitHub on 2021-02-20 (public-webauthn@w3.org from February 2021)

From: Arshad Noor via GitHub <sysbot+gh@w3.org>
Date: Sat, 20 Feb 2021 00:11:27 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-782469062-1613779886-sysbot+gh@w3.org>

> It's important that the registration of a trusted device does not turn a user without "normal 2FA" into a 2FA user, because we want this feature to be low-friction and only "value added". 

Far be it that I get in the middle of this thread (and the complexity WebAuthn has spawned), but if there is no intent to implement FIDO for its _raison d'etre_, why bother implementing it at all?

-- 
GitHub Notification of comment by arshadnoor
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1566#issuecomment-782469062 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Saturday, 20 February 2021 00:11:28 UTC