Re: [webauthn] username and display name should not be mandatory (rp, challange either) and OS UX should be simplified if not present (#1915)

@r-jo while some of your points are valid, you could have gone about this way better. Posting huge amounts of text, downvoting people who respond (literally the very people who are the WebAuthn spec members) and yourself being somewhat disrespectful (even hostile as you call it) never ever works to persuade anyone who is in a position to back your ideas.

Also, as others said, the security implications of some of what you're proposing (e.g. not having a challenge) are high and show a lack of understanding (on your part) of the spec. Further, users should be allowed to create multiple accounts - imagine if you could only have one Google account with your security key and you need to delete it (and your account?) to make another. It's up to you as an RP to work through multiple accounts, not the spec.

I agree some of the UX is not the best yet (e.g. sign-in when the user hasn't set a key with that device) and many users are definitely confused by passkeys - it would be better to have a single issue for these.

-- 
GitHub Notification of comment by ragnarbull
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1915#issuecomment-1833038617 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Thursday, 30 November 2023 03:11:10 UTC