Re: [webauthn] Backup state of credentials (#1692)

> It also prevents any tampering with the request that would be required for an extension.

If we choose extension route, then platforms and authenticators have to support it. RP may or may not need to change depending upon whether we can include the extension by default in user-agent/platform. But this is not called tampering the request. It is called supporting a new extension. :) 

It seems like flags may be simpler. Need some more time to think on this. 

GitHub Notification of comment by akshayku
Please view or discuss this issue at using your GitHub account

Sent via github-notify-ml as configured in

Received on Wednesday, 26 January 2022 05:48:03 UTC