Re: [webauthn] backup states in authenticator data (#1695)


Someone from Apple contacted me directly to discuss, and it turns out there was a second bug in Safari related to attestation and platform syncing, where my device was behaving incorrectly and creating a device-bound key with attestation even when sync was requested. That's what led to the confusion, as it appears Apple have an undocumented behaviour where passkeys do NOT respond to any attestation requests, but if sync is disabled, they will then allow attestation to proceed.

As a result, my concerns about currently existing passkeys are invalid, meaning that the proposal "as is" is good to go then. Sorry for the pain @timcappalli :(

GitHub Notification of comment by Firstyear

Received on Monday, 18 April 2022 23:59:51 UTC