Re: [webauthn] Authenticator flag to indicate internal knowledge of rk (discoverable credential creation). (#1761)

Could a possible reason for this to exist be that currently when a platform requests a rk to be created, the current credprops extension is only true if the browser *thinks* it asked for an rk to be created. But that doesn't mean that the authenticator "really did" make an rk. So it means that credprops in the case of a "weird authenticator" is unreliable even from a user-interaction hint perspective.

Some protos like CTAP2.1 enforce that if rk was sent from the browser to the device it MUST create an rk or error ( https://fidoalliance.org/specs/fido-v2.1-rd-20210309/fido-client-to-authenticator-protocol-v2.1-rd-20210309.html#op-makecred-step-rk ) but this may not necessarily be true for all classes of authenticators.

-- 
GitHub Notification of comment by Firstyear
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1761#issuecomment-1188676066 using your GitHub account



Received on Tuesday, 19 July 2022 07:01:52 UTC