Re: [webauthn] Recommend duration of challenge validity (#1855) from Emil Lundberg via GitHub on 2023-02-24 (public-webauthn@w3.org from February 2023)

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Fri, 24 Feb 2023 09:58:00 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-1443384523-1677232677-sysbot+gh@w3.org>

Yes, I think that's a bit too much indirection. The reader has to do more work to relate those terms to the `UserVerificationRequirement` values, when we can just refer to them directly instead. Especially since this new section is also referenced in the client algorithms, I already think that "the [=[RP]=]'s [=user verification=] preference for the ceremony" is almost too informal as it doesn't explicitly and unambiguously say what defines that preference. But I think it's probably clear enough with the reference to the `UserVerificationRequirement` values.

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/1855#issuecomment-1443384523 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Friday, 24 February 2023 09:58:01 UTC