- From: philomathic_life via GitHub <noreply@w3.org>
- Date: Wed, 11 Jun 2025 13:53:12 +0000
- To: public-webauthn@w3.org
> I've now reworked the extension processing steps to clearly distinguish between CTAP and non-CTAP implementations, the latter being abstractly defined. @nsatragno @zacknewman thoughts? > > I changed my mind about `hmac-secret-mc`; adding that would definitely be a technical change that we need to demonstrate 2 interoperable implementations of, which is (probably?) infeasible for L3. I think it's fine for `hmac-secret-mc` to slip to L4, since the current specification already vaguely references such a "future extension" that may be used. > > I guess this raises the question of whether we also need to show interoperable implementations of the abstract non-CTAP specification. But maybe those already exist? @pascoej @nicksteele do you know? I would hope we keep the non-CTAP general. Seems harmful to forbid implementations to use more modern PRFs like a prefix-PRF using SHA-3. -- GitHub Notification of comment by zacknewman Please view or discuss this issue at https://github.com/w3c/webauthn/pull/2298#issuecomment-2962872957 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 11 June 2025 13:53:13 UTC