Re: [webauthn] Need to have authenticator-only extensions (#2331) from Shane Weeden via GitHub on 2025-08-19 (public-webauthn@w3.org from August 2025)

From: Shane Weeden via GitHub <noreply@w3.org>
Date: Tue, 19 Aug 2025 04:31:08 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-3199168448-1755577866-noreply@w3.org>

> This is not a spec concern as the spec does not dictate that clients filter extensions.
> 
> Each client and user agent has their own security and privacy policies. I recommend you open issues with them.

It *could* be a spec concern, if the spec were to say that a client MUST NOT filter out extensions it does not recognise. Of course it doesn't say that - at least not at the moment.

-- 
GitHub Notification of comment by sbweeden
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2331#issuecomment-3199168448 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Tuesday, 19 August 2025 04:31:10 UTC