Re: [webauthn] WebAuthn Clients should NOT zero out AAGUIDs from security keys when attestation is none (#2198)

[ยง 5.1.3.](https://w3c.github.io/webauthn/#sctn-createCredential) states:

> When this method is invoked, the user agent MUST execute the following algorithm:

This means that not only are AAGUIDs "allowed" to not be zeroed out, but that it is in fact _forbidden_ to do so as that would violate the algorithm which _MUST_ be followed. Am I being too pedantic here?

-- 
GitHub Notification of comment by zacknewman
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2198#issuecomment-2474879889 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 13 November 2024 21:45:28 UTC