Adam Langley

A birdshot of thoughts: While sites do not have _assurance_ that a credential is device-bound today without checking the attestation, I accept that there is a norm that it will...

> Using WebAuthn within WebExtension is also a challenge with the current restrictions If one does WebAuthn operations within a site's origin then it'll be scoped to that origin for...

> I'm interested to understand how this discussion can lead to changes in the spec (who has authority on it) and how we can all collaborate to extend the support...

> > This has now lead to Apple's iOS and macOS sending BE=true during registration, but BE=false during subsequent usage of the credential during assertion ceremonies. > This is likely...

We should poke Arnar in two weeks time about this.

I'd certainly like to get thinks working better on non-default color schemes (although I can't see how to switch GNOME 3 to a different theme). However, these changes are adding...

I flipped over to the dark theme and I agree that it's a mess. I also tried disabling all color settings and that's a disaster in every case, so some...

DELIVERY_SIGNATURE_INVALID means that something has gone very wrong: either your group member private key is incorrect, the contact has changed theirs somehow, or the server's group public key is corrupt....

To anyone who got hit by the persistent DELIVERY_SIGNATURE_INVALID on incoming messages, please see my message on #135.

Although a perfectly reasonable desiderata, I think the lack of test coverage is the bigger problem at the moment. The CLI, for example, is not tested at all. After fixing...