- From: Firstyear via GitHub <sysbot+gh@w3.org>
- Date: Mon, 18 Apr 2022 23:54:08 +0000
- To: public-webauthn@w3.org
Someone from apple contacted me directly to discuss, and it turns out there was a second bug in safari related to attestation and platform syncing, where my device was behaving incorrectly and creating a device-bound key with attestation even when sync was requested. That's what led to the confusion as it appears apple have an undocumented behaviour where passkeys do NOT respond to any attestation requests, but if sync is disabled, they will then allow attestation to proceed. As a result, my concerns about currently existing passkeys are invalid, meaning that the proposal "as is" is good to go then. Sorry for the pain @timcappalli :( -- GitHub Notification of comment by Firstyear Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1692#issuecomment-1101863674 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 18 April 2022 23:54:10 UTC