Re: [webauthn] devciePubKey extension MUST be supported if passkey is supported (#1691)

Should it also be the case that attestation AAGUID for passkeys be unique and distinct from a device bound credential created on the same platform authenticator? Said another way, the RP, when using attestation, should be able to determine if the credential created by a platform authenticator is a passkey even if the extension is not requested or otherwise absent. 

GitHub Notification of comment by sbweeden
Please view or discuss this issue at using your GitHub account

Sent via github-notify-ml as configured in

Received on Thursday, 20 January 2022 11:14:10 UTC