Re: [webauthn] Is `hmac-secret` required for `prf` for non-CTAP authenticators (#2285) from Savely Krasovsky via GitHub on 2025-06-13 (public-webauthn@w3.org from June 2025)

From: Savely Krasovsky via GitHub <noreply@w3.org>
Date: Fri, 13 Jun 2025 11:14:49 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-2970015998-1749813287-noreply@w3.org>

I still don't understand, current CTAP v2.2 specification (from February 28, 2025) describes it's own `hmac-secret` client extension and proposes it's own inputs and outputs like it would be used in WebAuthn context. So in my understanding user agents can implement it and allow direct use of it. And then `prf` became a kind of wrapper around this extension. I am understand this correctly?

-- 
GitHub Notification of comment by savely-krasovsky
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2285#issuecomment-2970015998 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Friday, 13 June 2025 11:14:50 UTC