@cyberphone In that case the RP can communicate [a list of "allowed credentials"](https://www.w3.org/TR/webauthn-2/#dom-publickeycredentialrequestoptions-allowcredentials). This makes it possible, in effect, to prevent the client from using "zombie" credentials like you said.

--
GitHub Notification of comment by haxelion
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1612#issuecomment-841005365 using your GitHub account

--
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Friday, 14 May 2021 04:56:20 UTC
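
The approach described in the comment above, sketched from the RP server's side as an added example (not part of the original comment or of the WebAuthn specification). The store layout, field names and function names are assumptions, and the records are constructed sample data.

```javascript
// Constructed sample credential records kept by the RP. The field names
// (userId, credentialId, revoked, transports) are assumptions for this sketch.
const credentialStore = [
  { userId: "alice", credentialId: "Y3JlZC1sYXB0b3A", revoked: false, transports: ["internal"] },
  { userId: "alice", credentialId: "Y3JlZC1vbGQta2V5", revoked: true, transports: ["usb"] },
  { userId: "bob", credentialId: "Y3JlZC1waG9uZQ", revoked: false, transports: ["nfc"] },
];

// Build the JSON form of PublicKeyCredentialRequestOptions for one user,
// listing only credentials the RP still accepts. IDs are base64url strings
// here; the page script decodes them to ArrayBuffers before calling
// navigator.credentials.get().
function buildRequestOptions(store, userId, challengeB64url) {
  const allowCredentials = store
    .filter((c) => c.userId === userId && !c.revoked)
    .map((c) => ({ type: "public-key", id: c.credentialId, transports: c.transports }));
  // An empty allowCredentials list does not mean "nothing allowed": the client
  // would then offer any discoverable credential, so refuse to issue options.
  if (allowCredentials.length === 0) return null;
  return { challenge: challengeB64url, allowCredentials, userVerification: "preferred" };
}

// Server-side check when the assertion comes back: the returned credential ID
// must be one of those listed in the options and still be active in the store.
function isAssertionCredentialAllowed(store, options, userId, returnedId) {
  const listed = options.allowCredentials.some((d) => d.id === returnedId);
  const record = store.find((c) => c.credentialId === returnedId);
  return listed && record !== undefined && record.userId === userId && !record.revoked;
}
```

The second function matters because `allowCredentials` only steers the client; the RP still has to reject an assertion that names a credential it did not list.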
This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:43 UTC