Re: [webauthn] Same PRF regardless of UV? (#2337) from My1 via GitHub on 2025-10-09 (public-webauthn@w3.org from October 2025)

From: My1 via GitHub <noreply@w3.org>
Date: Thu, 09 Oct 2025 07:07:17 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-3384425446-1759993634-noreply@w3.org>

@ve7jtb the key problem is that the editor draft here on github specifies the restriction to only use the UV version of the prf in webauthn for the ctap2 hmac-secret backend only. It further states that other backends have to use the same prf regardless of UV.


@iinuwa dont platform passkeys like Google or apple implicitly always use UV regardless of the request?

Although granted i might need to do more testing around that. 

-- 
GitHub Notification of comment by My1
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2337#issuecomment-3384425446 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Thursday, 9 October 2025 07:07:18 UTC