Re: [webauthn] Need to have authenticator-only extensions (#2331) from Firstyear via GitHub on 2025-08-19 (public-webauthn@w3.org from August 2025)

From: Firstyear via GitHub <noreply@w3.org>
Date: Tue, 19 Aug 2025 04:49:25 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-3199194082-1755578963-noreply@w3.org>

> It _could_ be a spec concern, if the spec were to say that a client MUST NOT filter out extensions it does not recognise. Of course it doesn't say that - at least not at the moment.

Yes, I think this is the key point - browsers are currently making a choice because the spec has a hole in it. That hole should be clarified and explicit in what the behaviour is. 

Though on the other hand, it's unlikely browsers will change their behaviour even if the spec were clarified. 

-- 
GitHub Notification of comment by Firstyear
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2331#issuecomment-3199194082 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Tuesday, 19 August 2025 04:49:26 UTC