We changed level 2 to allow unsolicited. That is not to say that there won't be a pile of existing RP's with code that might be based on Level 1 that might reject assertions with unknown extensions. Flags are less likely to break existing RP and don't require additional bits to be sent in both the request and response that an extension would. I could live with it as an extension but think using the bit flags is cleaner. -- GitHub Notification of comment by ve7jtb Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1692#issuecomment-1022401369 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-configReceived on Wednesday, 26 January 2022 17:03:15 UTC
This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:45 UTC