- From: Tim Cappalli via GitHub <sysbot+gh@w3.org>
- Date: Thu, 02 May 2024 13:37:35 +0000
- To: public-webauthn@w3.org
> I'm sure we've discussed this at some point, but please remind me: what is the issue with the currently specified behaviour of zeroing the AAGUID for _all_ authenticators, including platform authenticators, unless attestation is requested? The AAGUID is valuable for end user credential names/icons, so many in market deployments are passing an AAGUID even when attestation is not requested. There was consensus in the group that AAGUID should be allowed without attestation. At the F2F a few weeks back, there were concerns about only allowing this for platform providers, so the consensus was that there will be 2 PRs: one that just allows the current behavior (this one) and another that allows AAGUIDs from all authenticators. -- GitHub Notification of comment by timcappalli Please view or discuss this issue at https://github.com/w3c/webauthn/pull/2058#issuecomment-2090524172 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Thursday, 2 May 2024 13:37:36 UTC