- From: Michael David Kuckuk via GitHub <noreply@w3.org>
- Date: Fri, 24 Oct 2025 14:46:18 +0000
- To: public-webauthn@w3.org
> ... the adverse effects it is likely to have in the greater ecosystem (consumer, unmanaged context) Could you perhaps elaborate on this a bit? What issues would arise from signing one (or both) of these properties or including them in objects that already have integrity protection? And purely out of curiosity: why are these properties exposed to the RP in the first place if they're not guaranteed to not have been manipulated? Why can an RP limit the transports of the allowed credentials if that limitation can simply be removed by an AitM without anyone ever being able to detect this manipulation? -- GitHub Notification of comment by LBBO Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2349#issuecomment-3443548505 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Friday, 24 October 2025 14:46:20 UTC