- From: Firstyear via GitHub <sysbot+gh@w3.org>
- Date: Thu, 14 Apr 2022 03:28:52 +0000
- To: public-webauthn@w3.org
I don't really see how (1) solves the problem either. (3) might be annoying, but at least it communicates clearly the state of what's happened. Apple jumped the gun, solved a real user experience problem, but did it in a way that will mess up RPs' ability to make security decisions, so now we have to assume everything is a passkey.

(2) means that the BE flags then "can't really be trusted" if they "might change over time". Suddenly the security properties you asserted over a credential have now changed? That's not okay from an RP's view. About the only way I'd see this being okay is if there is also advice in the spec that says:

- Transition from 0 -> 1 is valid, 1 -> 0 is not, and must result in the credential being invalidated.
- On transition from 0 -> 1, the RP MAY make a policy decision about whether they invalidate the credential or not.

I think that's the only way I'd really accept 2 here: if we help guide RPs on what MIGHT be happening and what they may want to do. Backup of a credential should be a one way street, where once it goes to the backed up state, we must assume it's no longer HW bound.

--
GitHub Notification of comment by Firstyear
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/1695#issuecomment-1098673096 using your GitHub account

--
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Thursday, 14 April 2022 03:28:53 UTC
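The one-way rule proposed in the message above, written out as RP-side logic. This is an added example, not code from the post, the WebAuthn spec or the w3c/webauthn repository. It assumes the WebAuthn Level 3 layout of the authenticator data flags byte (BE at 0x08, BS at 0x10), applies the 0 -> 1 / 1 -> 0 rule to both backup bits, and uses a credential record, an `on_backup_enabled` policy hook and a constructed sequence of flag bytes that are all this example's own.

```python
"""Added example (not from the mailing-list post): an RP that records the
backup flags of a registered credential and enforces a one-way transition
rule on later assertions.  Flag bit positions follow WebAuthn Level 3; the
credential store and the policy hook are assumptions of this example."""
from dataclasses import dataclass, field

# Authenticator data flags byte (WebAuthn L3): UP, UV, BE, BS bit positions.
FLAG_UP = 0x01  # user present
FLAG_UV = 0x04  # user verified
FLAG_BE = 0x08  # backup eligible
FLAG_BS = 0x10  # backup state (credential is currently backed up)


@dataclass
class StoredCredential:
    """What the RP persists per credential (example schema, not the spec's)."""
    credential_id: bytes
    backup_eligible: bool
    backup_state: bool
    invalidated: bool = False
    history: list = field(default_factory=list)  # audit trail of flag changes


def parse_backup_flags(flags: int):
    """Extract (BE, BS) from the flags byte of authenticator data."""
    return bool(flags & FLAG_BE), bool(flags & FLAG_BS)


def register_credential(credential_id: bytes, flags: int) -> StoredCredential:
    """At registration, snapshot the backup flags the RP later compares against."""
    be, bs = parse_backup_flags(flags)
    return StoredCredential(credential_id, be, bs)


def evaluate_backup_transition(cred: StoredCredential, flags: int,
                               on_backup_enabled=None) -> str:
    """Apply the rule from the post to an assertion's flags byte:
      - a flag going 1 -> 0 is invalid and invalidates the credential;
      - a flag going 0 -> 1 is accepted, after which the RP MAY still
        invalidate via the policy hook (the credential is no longer HW bound).
    Returns 'unchanged', 'backed_up' or 'invalidated'."""
    if cred.invalidated:
        return "invalidated"
    be, bs = parse_backup_flags(flags)
    result = "unchanged"
    for name, old, new in (("BE", cred.backup_eligible, be),
                           ("BS", cred.backup_state, bs)):
        if old == new:
            continue
        if old and not new:
            # 1 -> 0: the properties asserted at registration no longer hold.
            cred.invalidated = True
            cred.history.append((name, "1->0", "invalidated"))
            return "invalidated"
        # 0 -> 1: record it; the RP decides below whether to keep the credential.
        cred.history.append((name, "0->1", "accepted"))
        result = "backed_up"
    cred.backup_eligible, cred.backup_state = be, bs
    if result == "backed_up" and on_backup_enabled is not None \
            and on_backup_enabled(cred):
        cred.invalidated = True
        cred.history.append(("policy", "0->1", "invalidated"))
        return "invalidated"
    return result


def hardware_bound_only(cred: StoredCredential) -> bool:
    """Sample policy hook: an RP that only accepts non-backed-up credentials."""
    return True


def run_demo():
    """Constructed flag sequences, as an RP might see across assertions."""
    cred = register_credential(b"\x01\x02", FLAG_UP | FLAG_UV)            # BE=0 BS=0
    r1 = evaluate_backup_transition(cred, FLAG_UP | FLAG_UV)               # unchanged
    r2 = evaluate_backup_transition(cred, FLAG_UP | FLAG_UV | FLAG_BE)     # BE 0->1
    r3 = evaluate_backup_transition(cred, FLAG_UP | FLAG_UV | FLAG_BE | FLAG_BS)  # BS 0->1
    r4 = evaluate_backup_transition(cred, FLAG_UP | FLAG_UV | FLAG_BE)     # BS 1->0: invalid
    strict = register_credential(b"\x03", FLAG_UP | FLAG_UV)
    r5 = evaluate_backup_transition(strict, FLAG_UP | FLAG_UV | FLAG_BE | FLAG_BS,
                                    on_backup_enabled=hardware_bound_only)
    return [r1, r2, r3, r4, r5], cred.invalidated, strict.invalidated


if __name__ == "__main__":
    results, lenient_dead, strict_dead = run_demo()
    print(results, lenient_dead, strict_dead)
```

The lenient RP tolerates the 0 -> 1 changes and only drops the credential when a flag regresses; the strict RP uses the policy hook to invalidate as soon as the credential reports itself backed up. Either way the history list gives the RP a record of when its assumptions about the credential changed.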