philomathic_life

> I think that specific item is a case of miscommunication or misunderstanding. That appears to be the case indeed.

Back to the issue of enforcing TLS to guarantee RFC 6749 and WebAuthn conformance. The reason I was against deploying a self-signed certificate is that I don't think it makes...

> Where should we emphasize this? We already provide a note in the admin/diagnostics page. We have a better warning in the web-vault then Bitwarden if someone tries to use...

> From my point of view this issue should be closed / turned into a discussion (as it's not really a technical problem with this project or something that will...

@zacknewman Thanks for the clarification. I still think that the issue should be closed / turned into a discussion because there's no disagreement about that first issue and you already...

I'll provide some feedback that will hopefully be of help. First, `webauthn-rs-core` [does provide a `struct`](https://docs.rs/webauthn-rs-core/0.4.9/webauthn_rs_core/interface/struct.CredentialV3.html) that can be used to migrate to the newer version. [Not to beat a...

> On Dec 22, 2023, at 1:25 AM, Helmut K. C. Tessarek ***@***.***> wrote: > >  > The vw devs usually keep in sync what Bitwarden does. Even, if...

There is a difference between "works" and "works correctly". It violates the spec in two ways, so it's unfortunate a fix won't be made since it's quite easy regardless if...

> Any further updates regarding this? It's important to keep in mind these WebAuthn violations are _probably_ OK. The spec requires at least 100 bits of entropy to be associated...

> @zacknewman Since you already put in the work to upgrade the `webauthn-rs` crate can't you make a PR? @stefan0xC, I did this only on my personal fork which has...