Re: [webauthn] Add transport used during authentication to assertion payload (#1668)

> There's no extension defined for this but, even if we defined one, it wouldn't have any support from authenticators. An extension isn't needed for the motivating use here, which is allow a website to figure out whether to offer to register a platform authenticator.

If this is the case, it should be called a transportSelectionHint to make it extremely clear that it is not an enforceable security property. There have already been multiple instances of RP's implementing webauthn that have incorrectly assumed that criteria are security properties rather than UX hints, and I think we should improve this in the language we use for these values. 

GitHub Notification of comment by Firstyear
Please view or discuss this issue at using your GitHub account

Sent via github-notify-ml as configured in

Received on Thursday, 9 September 2021 00:20:21 UTC