Should it also be the case that attestation AAGUID for passkeys be unique and distinct from a device bound credential created on the same platform authenticator? Said another way, the RP, when using attestation, should be able to determine if the credential created by a platform authenticator is a passkey even if the extension is not requested or otherwise absent. -- GitHub Notification of comment by sbweeden Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1691#issuecomment-1017392108 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-configReceived on Thursday, 20 January 2022 11:14:10 UTC
This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:45 UTC