Re: [webauthn] User verification policy leads to ambiguous usage situations. (#1510)

> The specification does not make it clear which properties of a webauthn challenge/response are signed and verifiable, and which are not, which leads to ambiguity and a belief in properties of webauthn that may not hold.

Step 20 of the verification procedure does make this clear. 

GitHub Notification of comment by sbweeden
Please view or discuss this issue at using your GitHub account

Sent via github-notify-ml as configured in

Received on Thursday, 21 January 2021 04:19:46 UTC