Re: [webauthn] Explicitly restrict NONE aaguid to none attestation only (#1588)

From 2021-03-31 WG call: @agl objects that there seems to be little reason to ban the zero AAGUID for all future implementations, and that doing so would likely lead to divergences as different platforms choose different solutions for how to set a nonzero AAGUID when an authenticator does not provide one. WebAuthn encompasses more than just FIDO authenticators, so the WebAuthn API can be more permissive than FIDO certification requirements are.

GitHub Notification of comment by emlun
Please view or discuss this issue at using your GitHub account

Sent via github-notify-ml as configured in

Received on Wednesday, 31 March 2021 19:29:52 UTC