Firstyear

> > As I'm reading this, you are expressing an opinion that WASM is a "demo" or a "toy" language, and not something you need to seriously consider in the...

@sbweeden But nothing can be truly asserted or trusted from the initial makeCred, you can only trust things that are signed in the response from the attestation. So it's not...

> This can already be technically achieved using the `allowCredentials` option. At the time of attestation you record enough information to know this credential is of the particular criteria you...

Since apparently I have confused everyone, with the highly confusing language of "resident key" I have rewritten the issue to be clearer.

> > The new `BE` flag in L3 signals whether the credential is hardware-bound to the secure element (when combined with an appropriate attestation). > > I disagree with this...

@emlun Also suggested offline that in *addition* to this, we should have better resources to educate about the threats/risks of how key wrapped keys work to help people make valid...

Okay, I agree @emlun. Lets improve that education then. Where would be the best place to target that?

> Broad stroke reaction: attestation of particular storage and secure element binding of a key would be better as part of an attestation, and better still indirectly through lookup based...

The latter.

Could a possible reason for this to exist be that currently when a platform requests a rk to be created, the current credprops extension only is true if the browser...