Nuno Sung
For an RP that wants to pass FIDO2 server certification, the 3 algos mentioned above are marked as required, https://fidoalliance.org/specs/fido-v2.0-rd-20180702/fido-server-v2.0-rd-20180702.html#other I can't say for FIDO if this is an out-of-date...
I think a possible approach from the RP now is to send 2 make() commands continually while considering privacy and authorization. - make() with the credentialId need to update displayName in excludeCredentials...
> Some protos like CTAP2.1 enforce that if rk was sent from the browser to the device it MUST create an rk or error ( https://fidoalliance.org/specs/fido-v2.1-rd-20210309/fido-client-to-authenticator-protocol-v2.1-rd-20210309.html#op-makecred-step-rk ) but this may...
Another piece of information about FIPS 140-2 certification on this nrf52840... https://devzone.nordicsemi.com/f/nordic-q-a/39030/is-nrf52840-arm-cryptocell-310-fips-140-2-certified
The ctap2 spec allows creating a credential w/o using UV (e.g. PIN here), and I don't see any problem on the solo key I have (fw v4.0.0) with actual ctap2 command....
I think some points need to be considered before adopting this change: 1. https://github.com/w3c/webauthn/issues/1595 1. Unknown extensions may not be bypassed in client tools/browsers, at least chrome, https://github.com/w3c/webauthn/pull/789#pullrequestreview-95256815 1. Following Fido...
My point is that the webauthn spec says "Currently one credential type is defined, namely 'public-key'", [link](https://w3c.github.io/webauthn/#enum-credentialType). And I agree authenticator must ignore unknown IANA COSE Algorithms registry and I think this...
@kaczmarczyck I support your point that a `type` different from `public-key` should be ignored for more compatibility with future versions. So I think the [fido-2-specs, PR#1124](https://github.com/fido-alliance/fido-2-specs/issues/1124) is a good change...
Another question: shouldn't this test case (i.e. GetAssertionEmptyUserIdTest) use rk=true in the makeCred command? Otherwise a normal authenticator (w/o being forced to create rk) won't return any user data in the getAssert response.
For this test case, after related information from ctap2/webauthn, I think the expected results should be 1. (unchanged) Authenticator MUST accept makeCred command with empty user ID with rk. 1....