Re: [webauthn] Provide an explicit way to opt out of multi-device syncing/backups (#1714)

> or go to an open ecosystem where every sufficiently certified device is allowed, and DPK is always requested to trigger an explicit device sync flow: either reject the attempt because a new device is detected, or trigger the explicit enrolment of the new device through its DPK.

This would indeed be a way to enforce the current, non-syncing behavior if I understand it correctly.

Given that DPK is accepted as proposed, this proposal is then mostly syntactic sugar on the RP/API consumer side.

On the implementor side, it still seems useful to have, e.g. for UX purposes (as there is no point in uploading and showing a credential in a user's syncing account if it effectively can never be used for logins).

-- 
GitHub Notification of comment by lxgr
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1714#issuecomment-1083582787 using your GitHub account


Received on Wednesday, 30 March 2022 20:16:32 UTC