Re: [webauthn] Reflect caching of user gestures in WebAuthn assertion (#2023) from Firstyear via GitHub on 2024-02-29 (public-webauthn@w3.org from February 2024)

From: Firstyear via GitHub <sysbot+gh@w3.org>
Date: Thu, 29 Feb 2024 02:20:01 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-1970277392-1709173199-sysbot+gh@w3.org>

I'm sure that it will then shock you to learn about passkey providers that set UV=true when they do not infact re-validate the user. They already do UV caching. 

Ergo my point still stands - if you care about UV being a strong assertion, you need to attest credentials. 

-- 
GitHub Notification of comment by Firstyear
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2023#issuecomment-1970277392 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Thursday, 29 February 2024 02:20:02 UTC