the webauthn spec presently cites only the work-in-progress IETF Token Binding specs for purposes of cryptographically binding to the underlying TLS channel. platform support for that spec will be for…
Application-level challenge-response authentication protocols are vulnerable to MITM attacks when not bound to the underlying transport.
Eg., when a client C1 connects to a server S1, that server S1 …