- From: philomathic_life via GitHub <sysbot+gh@w3.org>
- Date: Thu, 26 Sep 2024 13:49:59 +0000
- To: public-webauthn@w3.org
Will the `credProps` input and processing be changed too? If not, then that would suggest the practice of scrubbing the AAGUID during attestation when the `"none"` `AttestationConveyancePreference` is sent should be removed since now AAGUID can always be retrieved by an RP even for cross-platform authenticators. Perhaps change the input from a `boolean` to an `enum` that allows an RP to still fetch `rk` without the AAGUID and directing user agents to remove AAGUID when a particular `enum` value is sent. User agents should be directed to receive user consent when AAGUID is queried the way many browsers do when something other than `"none"` attestation is requested. -- GitHub Notification of comment by zacknewman Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2157#issuecomment-2377035646 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Thursday, 26 September 2024 13:50:00 UTC