- From: Adam Langley <noreply@github.com>
- Date: Wed, 04 Jan 2023 14:14:10 -0800
- To: public-webauthn@w3.org
Branch: refs/heads/prf2 Home: https://github.com/w3c/webauthn Commit: 24359a14f2098d260f7b8529d38fe6346fed2326 https://github.com/w3c/webauthn/commit/24359a14f2098d260f7b8529d38fe6346fed2326 Author: Adam Langley <agl@imperialviolet.org> Date: 2023-01-04 (Wed, 04 Jan 2023) Changed paths: M index.bs Log Message: ----------- Don't be so strict about uv with the PRF extension. Authenticators may have different PRFs for the UV and non-UV case. Thus setting uv=preferred during an assertion is fraught: it doesn't fully specify which PRF to use. However, while implementing this, I ended up feeling that the prohibition on using uv=preferred was too strong. Sites may reasonably want to use uv=preferred and to take advantage of available PRF results. If the evaluation points are global then this isn't so silly as to justify a prohibition, I suspect.
Received on Wednesday, 4 January 2023 22:14:23 UTC