Re: [webauthn] Backup state of credentials (#1692)

> We changed level 2 to allow unsolicited.
> That is not to say that there won't be a pile of existing RPs with code that might be based on Level 1 that might reject assertions with unknown extensions.

AFAIK those are already long-broken via the (relatively popular) combination of authenticators which support `credProps` and browsers which mandate its use if available.

I would be more inclined to reserve these bits for mandatory-to-understand extensions as well as changes to the structure of authenticator data.

Bits are also very hard to change the meaning of once (beta) implementations have shipped or to otherwise semantically version. A `backupState` extension can change structure or even be replaced with an extension with a new name.

-- 
GitHub Notification of comment by dwaite
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1692#issuecomment-1023693522 using your GitHub account

Received on Thursday, 27 January 2022 22:18:00 UTC