Re: [webauthn] Authenticator flag to indicate internal knowledge of rk (discoverable credential creation). (#1761) from Matthew Miller via GitHub on 2022-07-05 (public-webauthn@w3.org from July 2022)

From: Matthew Miller via GitHub <sysbot+gh@w3.org>
Date: Tue, 05 Jul 2022 21:44:58 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-1175530131-1657057497-sysbot+gh@w3.org>

> We already have credprops https://www.w3.org/TR/webauthn-2/#sctn-authenticator-credential-properties-extension

But isn't the issue with a **client** extension is that it's not part of any signed value, so strictly speaking it can't be trusted? I feel like that's a common refrain when talking about these kinds of extensions that aren't in `authData`.

-- 
GitHub Notification of comment by MasterKale
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1761#issuecomment-1175530131 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Tuesday, 5 July 2022 21:45:00 UTC