Re: [webauthn] Provide an explicit way to opt out of multi-device syncing/backups (#1714) from John Bradley via GitHub on 2022-04-04 (public-webauthn@w3.org from April 2022)

From: John Bradley via GitHub <sysbot+gh@w3.org>
Date: Mon, 04 Apr 2022 14:24:54 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-1087626037-1649082292-sysbot+gh@w3.org>

Somewhere berried in this there was a request to rename the bit flags to hints.

We should specifically discuss that and create a pull request or close.

To that point, all information other than the signature itself is untrusted outside the context of a trusted attestation.  That includes UV and UP.

I don't see why these flags would be different.

I don't think they need to be called hints, but don't feel strongly about it, if people think it would be useful to give RP more warning.



-- 
GitHub Notification of comment by ve7jtb
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1714#issuecomment-1087626037 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Monday, 4 April 2022 14:24:58 UTC