Re: [webauthn] Generalize PRF extension processing to non-CTAP authenticators (#2298) from Emil Lundberg via GitHub on 2025-06-13 (public-webauthn@w3.org from June 2025)

From: Emil Lundberg via GitHub <noreply@w3.org>
Date: Fri, 13 Jun 2025 13:43:42 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-2970457688-1749822220-noreply@w3.org>

> In the registration section, there is no mention of the "salts" for non-CTAP:

Thanks, good catch! This was an oversight while editing the text.

The precomputation of the salts by the client is still relevant in order to have the client enforce domain separation in cases where the authenticator is distinct from the client.

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/2298#issuecomment-2970457688 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Friday, 13 June 2025 13:43:43 UTC