You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We did this to avoid worse fingerprinting of Firefox CTAP2 support via user agent sniffing. The details are available in the bug.
I dislike adding fingerprinting surface, but the alternative for this situation was for RPs to have knowledge that Firefox 66 on Windows 10 build ${buildnumber} to have CTAP2 support, and others do not.
Perhaps this is something the WG should consider adding to the spec.
The text was updated successfully, but these errors were encountered:
jcjones
changed the title
Add a fingerprinting
Add a method to determine whether external CTAP2 security keys are supported
Mar 7, 2019
In argument to not adding this to the spec, it's a transitory thing: Firefox, for example, will eventually return a promise that resolves true every time, once we have support for CTAP2 on all platforms.
I'd really like to see this be a "user-agent webauthn capabilities" api, which covers more than just CTAP2, but also "pin support", plus potentially other things that allow the RP developer to provide a superior user experience during registration.
In Mozilla's bug 1526023, we added a non-standard WebIDL method to
PublicKeyCredential
:We did this to avoid worse fingerprinting of Firefox CTAP2 support via user agent sniffing. The details are available in the bug.
I dislike adding fingerprinting surface, but the alternative for this situation was for RPs to have knowledge that Firefox 66 on Windows 10 build
${buildnumber}
to have CTAP2 support, and others do not.Perhaps this is something the WG should consider adding to the spec.
The text was updated successfully, but these errors were encountered: