- From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
- Date: Mon, 27 Nov 2023 14:05:47 +0000
- To: public-webauthn@w3.org
Actually, no - to be more precise, `passkey-platform-authenticator` would have to be undefined in cases where its value would uniquely determine the true value of an undefined `hybrid` value. Assuming that `uvpaa` is always defined, because the method still exists, the only case `ppa` would leak information is when `uvpaa` is `true`. So in order to not leak a bluetooth fingerprinting bit, the combinations that could be emitted are these: | uvpaa | hybrid | ppa | |:-------:|:-------:|:-------:| | `true` | ? | `true` | | `true` | `true` | `true` | | `true` | `false` | `true` | | `false` | ? | ? | | `false` | `true` | `true` | | `false` | `false` | `false` | -- GitHub Notification of comment by emlun Please view or discuss this issue at https://github.com/w3c/webauthn/pull/1923#issuecomment-1827898246 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 27 November 2023 14:05:49 UTC