LGTM3 I'm really excited to see this ship. It seems likely to be a key to really unlocking widespread WebAuthn usage to me.
Rick On Mon, Sep 26, 2022 at 5:07 AM Yoav Weiss <[email protected]> wrote: > LGTM2 > > On Mon, Sep 26, 2022 at 9:50 AM Mike West <[email protected]> wrote: > >> LGTM1. >> >> The internal privacy/security review concluded that the design of the >> developer flow's integration with an autofill prompt substantially >> mitigates privacy concerns around knowing whether the user has credentials. >> `isConditionalMediationAvailable` is tied to the underlying platform which >> we already reveal to the site through UA client hints and highly correlated >> with `isUserVerifyingPlatformAuthenticatorAvailable`, though it does allow >> marginal distinction between Win11+ and other Windows versions. Given that >> we're relying on the underlying platform authenticator, this is a leak >> we're unlikely to be able to address. >> >> The benefits of driving more cross-browser usage of WebAuthn are >> substantially security-positive, however, and pushing the passkey story >> forward is a solid justification for shipping this mechanism IMO. Safari >> and Edge being on board mitigates to some extent the lack of engagement >> from Mozilla. Thank you for filing the standards position request anyway; >> I've poked some folks on the side to see if there's someone who might be >> interested in paying more attention. >> >> In the meantime, good luck shipping this! >> >> -mike >> >> On Tuesday, September 20, 2022 at 12:03:08 AM UTC+2 Nina Satragno wrote: >> >>> Filed https://github.com/mozilla/standards-positions/issues/692, thanks! >>> >>> On Mon, Sep 19, 2022 at 5:36 PM Jeffrey Yasskin <[email protected]> >>> wrote: >>> >>>> On Mon, Sep 19, 2022 at 2:25 PM Nina Satragno <[email protected]> >>>> wrote: >>>> >>>>> ... >>>>> Interoperability and Compatibility >>>>> >>>>> Very low: this is a new feature that's already implemented by Safari >>>>> on their Technology Preview. >>>>> >>>>> Gecko: No signal >>>>> >>>> >>>> It's probably worth filing a standards-position >>>> <https://github.com/mozilla/standards-positions/issues/new> request >>>> for significant WebAuthn changes, even though I see from >>>> https://groups.google.com/a/chromium.org/g/blink-dev/c/Vfg2o0peyYg/m/Vp0h8i5VBQAJ >>>> that we can't expect Mozilla to respond. >>>> >>>> Other than that: Yay! >>>> >>>> Jeffrey >>>> >>>> >>> >>> -- >>> >>> [image: Google Logo] >>> Nina Satragno >>> Ingeniera en Informática >>> she/her >>> [email protected] >>> >>> -- >> You received this message because you are subscribed to the Google Groups >> "blink-dev" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/2391dbcc-4153-43e4-8354-a4cf6987f1edn%40chromium.org >> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/2391dbcc-4153-43e4-8354-a4cf6987f1edn%40chromium.org?utm_medium=email&utm_source=footer> >> . >> > -- > You received this message because you are subscribed to the Google Groups > "blink-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAL5BFfXVJ3ALRcCoZqcoeXThku0cymZOQZ1k-j8UQxszLmbn4g%40mail.gmail.com > <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAL5BFfXVJ3ALRcCoZqcoeXThku0cymZOQZ1k-j8UQxszLmbn4g%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAFUtAY9-WOR-8yqcf82BdCBnijKeMan-OcjzXSuGdK5VJ78fZQ%40mail.gmail.com.
