- From: Firstyear via GitHub <sysbot+gh@w3.org>
- Date: Thu, 19 May 2022 04:22:56 +0000
- To: public-webauthn@w3.org
> > IMO we shouldn't include random extensions like this to the standard. Currently between the 5 models of test authenticator I have from various vendors, no webauthn extension is supported by them. > > Just update the relative information for the point that the extension `hmac-secret` in CTAP2 is the one of [MUST to implement features as Microsoft-compatible security key](https://docs.microsoft.com/nb-NO/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key). So most authenticators from below vendors should already support it. https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-passwordless#fido2-security-key-providers Besides, this optional feature is also marked as mandatory feature for fido2.1 security key, https://fidoalliance.org/specs/fido-v2.1-ps-20210615/fido-client-to-authenticator-protocol-v2.1-ps-20210615.html#mandatory-features That's for microsoft to decide what they want to require as an extension, and how they communicate that to users about their authenticator compatibility. We shouldn't throw things into webauthn just because one corporate platform wants it. -- GitHub Notification of comment by Firstyear Please view or discuss this issue at https://github.com/w3c/webauthn/pull/1732#issuecomment-1131186447 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Thursday, 19 May 2022 04:22:57 UTC