Re: [webauthn] Provide an explicit way to opt out of multi-device syncing/backups (#1714)

Somewhere berried in this there was a request to rename the bit flags to hints.

We should specifically discuss that and create a pull request or close.

To that point, all information other than the signature itself is untrusted outside the context of a trusted attestation.  That includes UV and UP.

I don't see why these flags would be different.

I don't think they need to be called hints, but don't feel strongly about it, if people think it would be useful to give RP more warning.

GitHub Notification of comment by ve7jtb
Please view or discuss this issue at using your GitHub account

Sent via github-notify-ml as configured in

Received on Monday, 4 April 2022 14:24:58 UTC