LGTM2 On Mon, Sep 26, 2022 at 9:50 AM Mike West <[email protected]> wrote:
> LGTM1. > > The internal privacy/security review concluded that the design of the > developer flow's integration with an autofill prompt substantially > mitigates privacy concerns around knowing whether the user has credentials. > `isConditionalMediationAvailable` is tied to the underlying platform which > we already reveal to the site through UA client hints and highly correlated > with `isUserVerifyingPlatformAuthenticatorAvailable`, though it does allow > marginal distinction between Win11+ and other Windows versions. Given that > we're relying on the underlying platform authenticator, this is a leak > we're unlikely to be able to address. > > The benefits of driving more cross-browser usage of WebAuthn are > substantially security-positive, however, and pushing the passkey story > forward is a solid justification for shipping this mechanism IMO. Safari > and Edge being on board mitigates to some extent the lack of engagement > from Mozilla. Thank you for filing the standards position request anyway; > I've poked some folks on the side to see if there's someone who might be > interested in paying more attention. > > In the meantime, good luck shipping this! > > -mike > > On Tuesday, September 20, 2022 at 12:03:08 AM UTC+2 Nina Satragno wrote: > >> Filed https://github.com/mozilla/standards-positions/issues/692, thanks! >> >> On Mon, Sep 19, 2022 at 5:36 PM Jeffrey Yasskin <[email protected]> >> wrote: >> >>> On Mon, Sep 19, 2022 at 2:25 PM Nina Satragno <[email protected]> >>> wrote: >>> >>>> ... >>>> Interoperability and Compatibility >>>> >>>> Very low: this is a new feature that's already implemented by Safari on >>>> their Technology Preview. >>>> >>>> Gecko: No signal >>>> >>> >>> It's probably worth filing a standards-position >>> <https://github.com/mozilla/standards-positions/issues/new> request for >>> significant WebAuthn changes, even though I see from >>> https://groups.google.com/a/chromium.org/g/blink-dev/c/Vfg2o0peyYg/m/Vp0h8i5VBQAJ >>> that we can't expect Mozilla to respond. >>> >>> Other than that: Yay! >>> >>> Jeffrey >>> >>> >> >> -- >> >> [image: Google Logo] >> Nina Satragno >> Ingeniera en Informática >> she/her >> [email protected] >> >> -- > You received this message because you are subscribed to the Google Groups > "blink-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/chromium.org/d/msgid/blink-dev/2391dbcc-4153-43e4-8354-a4cf6987f1edn%40chromium.org > <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/2391dbcc-4153-43e4-8354-a4cf6987f1edn%40chromium.org?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAL5BFfXVJ3ALRcCoZqcoeXThku0cymZOQZ1k-j8UQxszLmbn4g%40mail.gmail.com.
