Content
@
0 reply
0 recast
0 reaction
will
@w
out of curiosity, why is user verification not required for webauthn? https://github.com/daimo-eth/daimo/blob/master/packages/contract/src/DaimoVerifier.sol#L66
1 reply
0 recast
2 reactions
✳️ nibnalin on daimo
@nibnalin.eth
The flag is poorly named in the WebAuthn spec — it means Daimo accounts allow for whatever policy the Webauthn authenticator enforces (your password manager like iCloud or GPM) instead of its own. This lets the user pick their own password manager (which may choose to enforce security as it prefers). See the UV webauthn flag — https://github.com/daimo-eth/p256-verifier/blob/master/src/WebAuthn.sol#L53
1 reply
0 recast
10 reactions
will
@w
makes sense, thank you
0 reply
0 recast
0 reaction