|
|
|
|
|
|
by tialaramex
1576 days ago
|
|
|
The WebAuthn spec. explicitly tells RPs not to do this (attestation) unless they're sure they really need it. Even Microsoft's half-arsed explanation of how this works inside Azure AD says you should probably not use it. And I tell Firefox "No" when it asks me during enrollment if the site is allowed attestation from my devices, there are no public sites I've used where this was rejected as unacceptable, that includes GitHub, Google's sites, Facebook, and Login.gov. |
|
|