Re: [webauthn] Add transport used during authentication to assertion payload (#1668)

> If this is the case, it should be called a transportSelectionHint to make it extremely clear that it is not an enforceable security property. There have already been multiple instances of RP's implementing webauthn that have incorrectly assumed that criteria are security properties rather than UX hints, and I think we should improve this in the language we use for these values.

I don't think we can save such RPs. We can't rename everything that exists and, if we start calling things transportAsReportedByTheBrowser then it suggests that the other values _are_ coming from the authenticator!

GitHub Notification of comment by agl
Please view or discuss this issue at using your GitHub account

Sent via github-notify-ml as configured in

Received on Thursday, 9 September 2021 00:24:10 UTC