- From: Shane Weeden via GitHub <sysbot+gh@w3.org>
- Date: Wed, 23 Feb 2022 23:49:58 +0000
- To: public-webauthn@w3.org
> @sbweeden But nothing can be truly asserted or trusted from the initial makeCred, you can only trust things that are signed in the response from the attestation. So it's not possible to achieve this "up front" need selection .... At no point was I suggesting that verification is not still required at the server - it is. The reason for desiring up-front authenticator selection criteria is to improve the UX for legitimate registration use cases. This is the same reason for example that front-end JS is used to do initial form field validation for email/integer/etc rather than wait till everything be posted to the server and then rejected. -- GitHub Notification of comment by sbweeden Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1688#issuecomment-1049340523 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 23 February 2022 23:49:59 UTC