Re: [webauthn] Authenticator data flags reserved bits must be 0 or the figures would ideally be changed (#2063)

@zacknewman Not all requirements can be enforced in-protocol. Authenticators are required to set the RFU bits to zero for now, but RPs should not enforce this behaviour since that would break those RPs if the bits are allocated in the future. Certification programs - such as those run by FIDO for the CTAP2 implementation of the authenticator operations - could enforce that "the `RFU` bits SHALL be set to zero", but it's a bad idea to embed such enforcement in the protocol as that would undermine the point of the flags being "reserved for future use".

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2063#issuecomment-2133686769 using your GitHub account


Received on Monday, 27 May 2024 15:20:25 UTC
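
An RP-side flags check that follows the approach in the comment above: it enforces the allocated bits and records the RFU bits without rejecting on them. This is an added example, not part of the original message or of any WebAuthn project code; the function and field names and the UP/UV policy are assumptions, and the bit positions are those of the WebAuthn Level 3 flags byte.

```javascript
// Added example: names are illustrative, not taken from any library.
// Bit positions: authenticator data flags byte, WebAuthn Level 3.
const FLAG = { UP: 0x01, UV: 0x04, BE: 0x08, BS: 0x10, AT: 0x40, ED: 0x80 };
const RFU_MASK = 0x02 | 0x20; // RFU1 (bit 1) and RFU2 (bit 5)

function parseAuthenticatorData(bytes) {
  // rpIdHash (32) + flags (1) + signCount (4) is the minimum length.
  if (!(bytes instanceof Uint8Array) || bytes.length < 37) {
    throw new Error("authenticator data shorter than 37 bytes");
  }
  const f = bytes[32];
  const view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
  const flags = {};
  for (const [name, mask] of Object.entries(FLAG)) flags[name] = (f & mask) !== 0;
  return {
    rpIdHash: bytes.slice(0, 32),
    flags,
    rfuBits: f & RFU_MASK, // recorded for logging only, never a reject reason
    signCount: view.getUint32(33, false), // big-endian counter
  };
}

// Policy assumed for this example: UP always required, UV required by default.
function checkFlags(parsed, requireUserVerification = true) {
  const { UP, UV, BE, BS } = parsed.flags;
  if (!UP) return { ok: false, reason: "user not present" };
  if (requireUserVerification && !UV) return { ok: false, reason: "user not verified" };
  if (BS && !BE) return { ok: false, reason: "BS set without BE" };
  // Deliberately no test on parsed.rfuBits: rejecting nonzero reserved bits
  // would break this RP once those bits are allocated.
  return { ok: true, reason: null };
}

// Constructed sample input: zeroed rpIdHash, chosen flags byte and counter.
function sampleAuthData(flagsByte, signCount) {
  const bytes = new Uint8Array(37);
  bytes[32] = flagsByte;
  new DataView(bytes.buffer).setUint32(33, signCount, false);
  return bytes;
}

// 0x05 = UP|UV, 0x27 = UP|UV plus both RFU bits, 0x11 = UP|BS without BE.
for (const f of [0x05, 0x27, 0x11]) {
  const parsed = parseAuthenticatorData(sampleAuthData(f, 7));
  console.log(f.toString(16), parsed.rfuBits, checkFlags(parsed));
}
```

BE and BS occupy bits that WebAuthn Level 2 still listed as reserved, so an RP that had rejected nonzero reserved bits under Level 2 would refuse authenticators reporting backup state.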