- From: Tim Cappalli via GitHub <noreply@w3.org>
- Date: Fri, 24 Oct 2025 15:27:02 +0000
- To: public-webauthn@w3.org
@LBBO > Could you perhaps elaborate on this a bit? What issues would arise from signing one (or both) of these properties or including them in objects that already have integrity protection? My response was to the quoted text (the OP), not your proposal. > And purely out of curiosity: why are these properties exposed to the RP in the first place if they're not guaranteed to not have been manipulated? They are not security properties. They are primarily used to craft user experiences in more advanced use cases. -- GitHub Notification of comment by timcappalli Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2349#issuecomment-3443719727 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Friday, 24 October 2025 15:27:03 UTC