Re: [webauthn] Provide an explicit way to opt out of multi-device syncing/backups (#1714) from Lukas Ribisch via GitHub on 2022-03-30 (public-webauthn@w3.org from March 2022)

From: Lukas Ribisch via GitHub <sysbot+gh@w3.org>
Date: Wed, 30 Mar 2022 20:21:49 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-1083587347-1648671708-sysbot+gh@w3.org>

> The DPK is a device-bound key for use with the multi-device credential as a device signal for risk assessment. It does not replace the multi-device credential.

RPs are free to ignore it and only use the DPK for all authentication decisions (and out-of-band mechanisms for new device registration) though, right?

Effectively, this would be a complicated and (for implementations) intransparent way of opting out of syncing.

-- 
GitHub Notification of comment by lxgr
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1714#issuecomment-1083587347 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 30 March 2022 20:21:51 UTC