Dan: hadley left a comment.. I can't see any issue, looks like a small thing, recommend we close approved, small delta to existing spec. If anything it adds security.

Peter: there was something weird about where the minpinlength is specified, only works for certain origins or something. Last paragraph..

Dan: now I'm re-reading that I'm realising what explicitly preconfigured means. I had assumed it meant something like a header. But ..

Peter: set on the key through some out of band mechanism.

Dan: what do they mean by preconfigured? Sending special ctap messagse to the security key..

Peter: not exposed over the internet. A company can preconfigure the key..

Dan: that's okay. As long as it doesn't require some kind of allowlist in the browser that makes sense. Those keys need to be configured somehow, out of band.

Peter: if it's purely on the key... i think this is okay. Okay closing this.

Dan: [closed]

Breakout C

Dan: reopened same-origin preredinger triggered by speculation rules because speculation rules was brought into wicg. There are a lot of potential unintended consequences of trying to prerender something. A lot we could think of were taken into account in the spec and explainer. They had a good story around privacy and security. Choice on what to prerender shouldn't happen based on knowledge the client might have, and things like that. The issues still remains what's the story with speculation rules - no signals. We have new contacts for it.

Dan: we discussed it, seems like a small change, but they want us to review. If we think its fine we just need to say that. Make it a short review.