W3C home > Mailing lists > Public > public-webauthn@w3.org > January 2022

Re: [webauthn] devicePubKey extension MUST be supported if multi-device WebAuthn credentials are used (#1691)

From: Tim Cappalli via GitHub <sysbot+gh@w3.org>
Date: Tue, 25 Jan 2022 15:40:24 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-1021319218-1643125223-sysbot+gh@w3.org>
> This is why dpk should always be provided if multi-device WebAuthn credentials are provided. They are inseparable companion features to ensure backward compatibility on the security model where the credentials were bound to devices. It is disappointing if WebAuthn cannot mandate such an important issue.

@maxhata, please be sure to take a look at the pull request for [devicePublicKey](https://github.com/w3c/webauthn/pull/1663), specifically the `scope` parameter. The DPK may be more specific than just device-level on some platforms.

-- 
GitHub Notification of comment by timcappalli
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1691#issuecomment-1021319218 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Tuesday, 25 January 2022 15:40:26 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:45 UTC