Re: [webauthn] backup states in authenticator data (#1695)

> And we shouldn't ignore the fact that existing multi-device credentials are currently opt-in; they're not representative of functionality that's GA. What if instead we start suggesting ways in which RP's can detect these "beta" credentials to retire or accept updated flags for accordingly.

To clarify my point here, I think we should leave it to the WACG to craft and share out such advice to help RP's survive the transition period we're in. The spec meanwhile should focus on defining these flags to represent the greatest number of credentials, including compatibility with existing ones, which would be my rationale for keeping BE of 0 to mean "not eligible to be backed up".

GitHub Notification of comment by MasterKale
Please view or discuss this issue at using your GitHub account

Sent via github-notify-ml as configured in

Received on Thursday, 14 April 2022 16:12:31 UTC