- From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
- Date: Wed, 04 Oct 2023 14:07:30 +0000
- To: public-webauthn@w3.org
On the other hand one could argue that this still misses the mark - it's still the client handling the private keys, so they are still not hardware-bound. Perhaps we should instead do this with a new extension that enables actually hardware-bound private keys. But again in favour of doing this in PRF: this would be compatible with existing authenticators that support the CTAP2 `hmac-secret` extension; a new extension would not be compatible with existing authenticators. -- GitHub Notification of comment by emlun Please view or discuss this issue at https://github.com/w3c/webauthn/pull/1945#issuecomment-1746954092 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 4 October 2023 14:07:32 UTC