W3C home > Mailing lists > Public > public-webauthn@w3.org > March 2022

[webauthn] Process to report non-compliant credentials (#1713)

From: Firstyear via GitHub <sysbot+gh@w3.org>
Date: Mon, 28 Mar 2022 22:44:35 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-1184077603-1648507474-sysbot+gh@w3.org>
Firstyear has just created a new issue for https://github.com/w3c/webauthn:

== Process to report non-compliant credentials ==
Hi all,

So far having implemented webauthn-rs, and developed a compatibility testing site, we have uncovered a number of non-compliant credentials (windows 11 + TPM in some cases sends a truncated aaguid, pixel 3a/4 do not send valid authenticator attestation response). 

There seems to be no good way to handle this situation, and no clear way to direct feedback to the various manufactures to report non-compliant credentials/devices. Is this a process that we can improve as part of this wg? 

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1713 using your GitHub account

Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 28 March 2022 22:44:37 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:45 UTC