Re: [webauthn] Drop generic client extension processing? (#1730)

The py_webauthn project recently received a PR to add in [support for the `credProtect` extension](https://github.com/duo-labs/py_webauthn/pull/128). I initially declined to land it, but after @emlun's comments in #1703 that _technically_ there's nothing preventing us from passing through unrecognized extensions, I reconsidered and currently plan on allowing it at some point.

I still think I'd selfishly want the WebAuthn spec to only think about extensions it specifically chooses to define. It seems too burdensome, from a spec maintenance perspective, to define a small handful of extensions and then simultaneously mandate that future WebAuthn functionality proposals consider _all_ possible extensions and be blocked when they don't. How are we expected to track when new extensions come out, if they don't get funneled through this repo? I suppose that's why we have the IANA registry, but [looking at the current list](https://www.iana.org/assignments/webauthn/webauthn.xhtml) of defined WebAuthn extensions, there are many still in there that I thought were dropped from L2.

I think this issue is a good one; guidance one way or another would be good for us to specify.

-- 
GitHub Notification of comment by MasterKale
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1730#issuecomment-1124200658 using your GitHub account



Received on Wednesday, 11 May 2022 19:21:44 UTC