Re: [webauthn] How to know if a user has already registered a device? (#1749) from Firstyear via GitHub on 2023-11-24 (public-webauthn@w3.org from November 2023)

From: Firstyear via GitHub <sysbot+gh@w3.org>
Date: Fri, 24 Nov 2023 23:03:57 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-1826127208-1700867035-sysbot+gh@w3.org>

There are a lot of holes in this plan. I also think it's not worth my time to explain them - you have decided that "you want things to work a certain way" and are trying to force webauthn to do things that it never will. 

If you plan to use webauthn, then you need to step back, re-read the specification, understand why decisions have been made as they have and the risks that they protect from, and then use it correctly. 

Is webauthn perfect? No. Is it better than alternatives? Absolutely. 

-- 
GitHub Notification of comment by Firstyear
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1749#issuecomment-1826127208 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Friday, 24 November 2023 23:03:58 UTC