Re: [webauthn] Making PublicKeyCredentialDescriptor.transports mandatory (#1522)

From the call of 2020-01-06, the group doesn't believe that a change should be made here.

Browsers do not always know the transports supported by an authenticator. Making the transports field mandatory would only cause them to either have to fail such requests or to make something up. It's already the case that browsers pass on the information that they do have and changing the spec doesn't look like it it would result in RPs getting any more (accurate) data. There could be specific issues with some browsers but those are more usefully considered as browser bugs.

Also, RPs would still need to handle the case where the transports parameter was not provided because L1 clients would still be able to omit it.

So, while we agree that browsers should always pass on transports information when available, we don't think that making the field mandatory in the IDL would further that goal.

GitHub Notification of comment by agl
Please view or discuss this issue at using your GitHub account

Sent via github-notify-ml as configured in

Received on Wednesday, 6 January 2021 22:06:45 UTC