Daimo

out of curiosity, why is user verification not required for webauthn?

out of curiosity, why is user verification not required for webauthn? https://github.com/daimo-eth/daimo/blob/master/packages/contract/src/DaimoVerifier.sol#L66

The flag is poorly named in the WebAuthn spec — it means Daimo accounts allow for whatever policy the Webauthn authenticator enforces (your password manager like iCloud or GPM) instead of its own. This lets the user pick their own password manager (which may choose to enforce security as it prefers).

See the UV webauthn flag —

The flag is poorly named in the WebAuthn spec — it means Daimo accounts allow for whatever policy the Webauthn authenticator enforces (your password manager like iCloud or GPM) instead of its own. This lets the user pick their own password manager (which may choose to enforce security as it prefers).

See the UV webauthn flag — https://github.com/daimo-eth/p256-verifier/blob/master/src/WebAuthn.sol#L53