Re: [webauthn] Don't be so strict about uv with the PRF extension. (#1836)

I think the only concern is that it relies on all browsers to implement uv=preferred consistently across device classes. Chrome and Safari are certainly here where uv=preferred is more often than not uv=required, but Firefox is really absent here.

I think the stronger wording was fine because I think RPs should know there are risks of changing between the UV types, and so consistency is important.

Perhaps if you want to make this wording softer, could it be worth saying that when an RP gets the PRF outputs back they also need to check uv=true/false to determine if the correct PRF was used? 

-- 
GitHub Notification of comment by Firstyear
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/1836#issuecomment-1371574281 using your GitHub account



Received on Thursday, 5 January 2023 00:20:11 UTC
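
The check suggested in the comment above, as an added example that is not part of the original message or of the pull request: a relying party reads the UV flag from the assertion's authenticatorData and accepts the PRF output only if it matches the UV state recorded when the PRF-derived key was set up. The names `selectPrfOutput`, `enrolledWithUv` and the sample data are assumptions for illustration, and the assertion signature is assumed to have been verified already.

```javascript
// Added example; selectPrfOutput, enrolledWithUv and sampleAuthData are
// hypothetical names, not part of the WebAuthn API.
const FLAG_UP = 0x01; // bit 0: user present
const FLAG_UV = 0x04; // bit 2: user verified

// authenticatorData layout: rpIdHash (32 bytes) | flags (1) | signCount (4) | ...
function parseAuthDataFlags(authData) {
  if (!(authData instanceof Uint8Array) || authData.length < 37) {
    throw new Error("authenticatorData too short");
  }
  const flags = authData[32];
  return { up: (flags & FLAG_UP) !== 0, uv: (flags & FLAG_UV) !== 0 };
}

// Accept the PRF output only when the assertion's UV state matches the state
// recorded when the PRF-derived key was first set up for this credential.
// Assumes the assertion signature over authData was verified beforehand.
function selectPrfOutput(authData, prfResults, enrolledWithUv) {
  const { up, uv } = parseAuthDataFlags(authData);
  if (!up) return { ok: false, reason: "user-not-present" };
  if (!prfResults || !prfResults.first) {
    return { ok: false, reason: "no-prf-output" };
  }
  if (uv !== enrolledWithUv) {
    // A different UV state means the output may come from a different PRF,
    // so anything wrapped under the enrolled output would fail to unwrap.
    return { ok: false, reason: uv ? "unexpected-uv" : "missing-uv" };
  }
  return { ok: true, output: prfResults.first };
}

// Constructed sample input: 37-byte authenticatorData with only the flags set.
function sampleAuthData(flags) {
  const data = new Uint8Array(37);
  data[32] = flags;
  return data;
}

const samplePrf = { first: new Uint8Array(32).fill(0xab) }; // constructed value
console.log(selectPrfOutput(sampleAuthData(FLAG_UP | FLAG_UV), samplePrf, true));
console.log(selectPrfOutput(sampleAuthData(FLAG_UP), samplePrf, true));
```

Storing `enrolledWithUv` alongside the credential record lets the RP report a UV mismatch explicitly instead of surfacing it later as an unexplained decryption failure.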