- From: Adam Langley via GitHub <sysbot+gh@w3.org>
- Date: Fri, 24 Feb 2023 00:18:32 +0000
- To: public-webauthn@w3.org
Picking at the language in the spec: > Similarly, any extension that requires authenticator processing MUST return an [authenticator extension output](https://w3c.github.io/webauthn/#authenticator-extension-output) to let the [Relying Party](https://w3c.github.io/webauthn/#relying-party) know that the extension was honored by the authenticator. If the authenticator refused / failed to create a DPK then the extension wasn't honored by the authenticator. > If an extension does not otherwise require any result values, it SHOULD be defined as returning a JSON Boolean [client extension output](https://w3c.github.io/webauthn/#client-extension-output) result, set to true to signify that the extension was understood and processed. DPK does require result values. (And in the case in question, the extension was not processed.) > Likewise, any [authenticator extension](https://w3c.github.io/webauthn/#authenticator-extension) that does not otherwise require any result values MUST return a value and SHOULD return a CBOR Boolean [authenticator extension output](https://w3c.github.io/webauthn/#authenticator-extension-output) result, set to true to signify that the extension was understood and processed. DPK does require result values. (And in the case in question, the extension was not processed.) So I don't think any of those apply here? In practice, I don't believe that the authenticator failing to create a DPK is a useful signal for sites. It "shouldn't" happen. Of course, weird corruption does happen on a tiny handful of devices that can cause all sorts of weirdness, but that argues too much: if _any_ sort of weird behaviour is in scope then we would have no end of error conditions to explicitly handle. -- GitHub Notification of comment by agl Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1846#issuecomment-1442609967 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Friday, 24 February 2023 00:18:34 UTC