Thanks for all the comments. I not know the best way to define the requirement in the spec. But RP requirement is how to avoid the following situation. > There are many RPs who cannot accept passkeys without devicePubKey due to security and/or legal reasons. > If there is a device that supports passkeys but not devicePubKey, such RPs cannot deploy WebAuthN or FIDO at all. How will this be avoided? How can the WebAuthN spec help solve? -- GitHub Notification of comment by maxhata Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1691#issuecomment-1018108521 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-configReceived on Friday, 21 January 2022 02:31:24 UTC
This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:45 UTC