- From: Firstyear via GitHub <sysbot+gh@w3.org>
- Date: Sat, 18 Jun 2022 23:10:40 +0000
- To: public-webauthn@w3.org
> The case _without_ DPK is not as good, as the RP couldn't distinguish first-time use of the credential on a device from subsequent credential usage on a device - losing the ability to detect _strong_ (in the sense of FIDO before Passkeys) device binding. There is difference in how DPK works for registration vs authentication. We want to block keys at *registration* so the features of DPK which are around attesting via authentication flows isn't relevant. > > --> back to my previous opinion that DPK support would be sufficient for Enterprise RPs. It's not. Erroring "after" registration and trying to communicate why that error occurred is a terrible process. It will frustrate users. This is basic elements of human interaction psychology that we need to introduce a *constraint* before the process to prevent the user making the error in the first place. -- GitHub Notification of comment by Firstyear Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1739#issuecomment-1159579781 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Saturday, 18 June 2022 23:10:41 UTC