Re: [webauthn] Explicitly restrict NONE aaguid to none attestation only (#1588) from Emil Lundberg via GitHub on 2021-03-31 (public-webauthn@w3.org from March 2021)

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Wed, 31 Mar 2021 19:29:47 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-811377269-1617218985-sysbot+gh@w3.org>

From 2021-03-31 WG call: @agl objects that there seems to be little reason to ban the zero AAGUID for all future implementations, and that doing so would likely lead to divergences as different platforms choose different solutions for how to set a nonzero AAGUID when an authenticator does not provide one. WebAuthn encompasses more than just FIDO authenticators, so the WebAuthn API can be more permissive than FIDO certification requirements are.

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/1588#issuecomment-811377269 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 31 March 2021 19:29:52 UTC