Re: [webauthn] Authenticator flag to indicate internal knowledge of rk (discoverable credential creation). (#1761)

We already have credprops https://www.w3.org/TR/webauthn-2/#sctn-authenticator-credential-properties-extension

That tells an interested RP if the credential was created with option RK true. 

Authenticators should not make discoverable credentials if option rk is not true. They may make credentials like Android that have a reference credentialID and store the keys locally rather than wrap them in the credentialID, however that is an implementation detail not relevant to the RP.

If you want to know if the credential is discoverable look at credprops.
If you want to know if the credential is hardware bound or backupable then look at the BE flag in authenticator data https://w3c.github.io/webauthn/#sctn-credential-backup

I am trying to understand what is new here?

-- 
GitHub Notification of comment by ve7jtb
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1761#issuecomment-1175453074 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Tuesday, 5 July 2022 20:07:11 UTC
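
One way a relying party could read the two signals named in the comment above, credProps for discoverability and the BE/BS flags for backup state. This is an added example, not part of the original message or of any project's code; the function names and the sample authenticator data are constructed for illustration.

```javascript
// Added example: hypothetical helper names, constructed sample bytes.
// Authenticator data layout: rpIdHash (32) || flags (1) || signCount (4) || ...
const FLAGS_OFFSET = 32;
const MIN_AUTH_DATA_LEN = 37;
const FLAG_BE = 0x08; // bit 3: Backup Eligibility
const FLAG_BS = 0x10; // bit 4: Backup State

// Read BE/BS from raw authenticator data (Uint8Array).
function parseBackupFlags(authData) {
  if (!(authData instanceof Uint8Array) || authData.length < MIN_AUTH_DATA_LEN) {
    throw new Error("authenticator data shorter than the 37-byte minimum");
  }
  const flags = authData[FLAGS_OFFSET];
  const backupEligible = (flags & FLAG_BE) !== 0;
  const backedUp = (flags & FLAG_BS) !== 0;
  // A credential cannot be backed up unless it is backup eligible.
  if (backedUp && !backupEligible) {
    throw new Error("invalid flags: BS set while BE is clear");
  }
  return { backupEligible, backedUp };
}

// Read credProps.rk from the object returned by
// credential.getClientExtensionResults() in the browser.
// credProps is client extension output, so it is not covered by the
// authenticator's signature. Returns true, false, or null when rk is absent.
function readDiscoverable(clientExtensionResults) {
  const rk = clientExtensionResults?.credProps?.rk;
  return typeof rk === "boolean" ? rk : null;
}

// Combine both signals into one record for the RP's credential store.
function describeCredential(authData, clientExtensionResults) {
  return {
    discoverable: readDiscoverable(clientExtensionResults),
    ...parseBackupFlags(authData),
  };
}

// Constructed sample: zeroed rpIdHash and signCount, only the flags byte set.
function sampleAuthData(flags) {
  const bytes = new Uint8Array(MIN_AUTH_DATA_LEN);
  bytes[FLAGS_OFFSET] = flags;
  return bytes;
}
```

A `null` value for `discoverable` means the client did not report `rk`, which is different from `false`.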