W3C home > Mailing lists > Public > public-webauthn@w3.org > January 2022

Re: [webauthn] devicePubKey extension MUST be supported if multi-device WebAuthn credentials are used (#1691)

From: Firstyear via GitHub <sysbot+gh@w3.org>
Date: Wed, 26 Jan 2022 08:11:59 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-1021960037-1643184717-sysbot+gh@w3.org>
> Is that a guarantee, @timcappalli? Does that include platform key-pairs too? Will the FIDO Alliance make "synchronized key-pairs/credentials" mandatory or optional for server manufacturers to get certified? Will all those people who have invested in web/mobile applications never have to change their web/mobile apps when Level-3 is standardized if they do not wish to support synchronized key-pairs/credentials?

You are completely right! There is no way for an RP to detect a synchronised key today or in the future, regardless of DPK existing or not. :) 

GitHub Notification of comment by Firstyear
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1691#issuecomment-1021960037 using your GitHub account

Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 26 January 2022 08:12:00 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:45 UTC