- From: Nina Satragno via GitHub <noreply@w3.org>
- Date: Wed, 20 Aug 2025 19:40:25 +0000
- To: public-webauthn@w3.org
Browsers also cannot make any guarantees to their users about the privacy & security of WebAuthn if they allow unvetted extensions. > If browser vendors ignore what's in the specification, they shouldn't claim that their companies are behind the passkeys :-) I thought that all alliance members should make sure their implementations are complaint with the published specifications, no? This understanding of web standards is incorrect: the specification needs a browser implementation to become a standard, not the other way around. If no browser implements a certain feature, it's removed from the specification (or more commonly, never added in the first place). There are other mechanisms to enable hardware experimentation & innovation on the web, e.g. [WebUSB](https://developer.mozilla.org/en-US/docs/Web/API/WebUSB_API) and [WebBluetooth](https://developer.mozilla.org/en-US/docs/Web/API/Web_Bluetooth_API). -- GitHub Notification of comment by nsatragno Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2331#issuecomment-3207827771 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 20 August 2025 19:40:26 UTC