W3C home > Mailing lists > Public > public-webauthn@w3.org > March 2021

Re: [webauthn] Explicitly restrict NONE aaguid to none attestation only (#1588)

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Wed, 31 Mar 2021 19:29:47 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-811377269-1617218985-sysbot+gh@w3.org>
From 2021-03-31 WG call: @agl objects that there seems to be little reason to ban the zero AAGUID for all future implementations, and that doing so would likely lead to divergences as different platforms choose different solutions for how to set a nonzero AAGUID when an authenticator does not provide one. WebAuthn encompasses more than just FIDO authenticators, so the WebAuthn API can be more permissive than FIDO certification requirements are.

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/1588#issuecomment-811377269 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 31 March 2021 19:29:52 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:43 UTC