tony: not expecting any changes
… everyone agree
jeffH: this will be renaming the master branch
… no PRs until Level 3.
tony: any level 3 issues we want to look at?
agl: we can talk about what we are referencing
… a web site wished to use a usernameless flow
… need to give some icon to click
<jeffh> Explainer: WebAuthn Conditional/Hinted UI
agl: we want something in the background, pop up a non-module design, maybe have something subtle
tony: a few issues here.
<wseltzer> Explainer: WebAuthn Conditional/Hinted UI
agl: remote desktop may be a thing, we might look at that in Level 3
… accommodation could be small or large. maybe remote desktop or browser stuff
… may want to consider for L3
MMiller: not much of a jump to a bad actor doing something with remote session
agl: FIDO has a proximity assumption
… it has some idea they are sending to the correct machine.
agl: no magic answer
bradley: would a remote software you could have a desktop authenticator, but this is probably long way down the road
jeremy: clarification. do we care about proximity or is it channel binding
agl: explains proximity and FIDO and remote
jeremy: i don't see channel binding in this.
… proximity is hard to measure
… trying to think about this in new ways
lundberg: physical proximity is less relevant than if reg. ceremony is mediated by the browser.
jeremy: you could today forward a USB device, you extend the channel, hopefully over a secure connection
jeffh: proximity thing is between user and authenticator they actually touch. we have that. it is transitive auth. down to remote machine
bradley: seen interesting work on remoting
jeremy: would this then relate to VMware
… are there issues with this
bradley: doesn't always work. failure is remote software in my ming
jeremy: what is the spec clarifying
<matthewmiller> ^ that was me lol
akshay: we would be looking to local platform for RP, but won't use remote platform authenticator, phishing would be a real problem
agl: that matches our expectations.
… details wouldn't be that clear
… chrome has had this for a decade. have to work on the functionality.
tony: anymore to discuss?