Re: [webauthn] User verification policy leads to ambiguous usage situations. (#1510)

> I truly believe the fundamental issue here is not with the specification's semantics, but with false assumptions.

Okay. In that case, please tell me how I can issue a webauthn authentication challenge to a client, where they have:

* A yubikey as a single factor, unverified device, and a password to be issued after
* A touchid factor, which is a verified authenticator that is sufficient to authenticate. 

GitHub Notification of comment by Firstyear
Please view or discuss this issue at using your GitHub account

Sent via github-notify-ml as configured in

Received on Thursday, 21 January 2021 05:05:00 UTC