Re: [webauthn] WebAuthn Clients should NOT zero out AAGUIDs from security keys when attestation is none (#2198) from philomathic_life via GitHub on 2024-11-13 (public-webauthn@w3.org from November 2024)

From: philomathic_life via GitHub <sysbot+gh@w3.org>
Date: Wed, 13 Nov 2024 21:45:27 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-2474879889-1731534325-sysbot+gh@w3.org>

[§ 5.1.3.](https://w3c.github.io/webauthn/#sctn-createCredential) states:

> When this method is invoked, the user agent MUST execute the following algorithm:

This means that not only are AAGUIDs "allowed" to not be zeroed out, but that it is in fact _forbidden_ to do so as that would violate the algorithm which _MUST_ be followed. Am I being too pedantic here?

-- 
GitHub Notification of comment by zacknewman
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2198#issuecomment-2474879889 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 13 November 2024 21:45:28 UTC