- From: Firstyear via GitHub <sysbot+gh@w3.org>
- Date: Mon, 13 Jun 2022 01:11:20 +0000
- To: public-webauthn@w3.org
> Perhaps refine this to "hint to the client to guide UX during the registration ceremony, that non-device-bound keys would ultimately be rejected by the relying party"? Any hint we add should have a direct relation to a flag in the registration process, such as the backup bits. A historical pain point for example is requesting resident keys, where there is no verifiable signal in response that an RK was actually created. So it would be good if we paired both the *hint* to the UX, with what the signed and attested response fields are so the RP can verify that the hint was followed and respected. -- GitHub Notification of comment by Firstyear Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1739#issuecomment-1153351580 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 13 June 2022 01:11:22 UTC