- From: Martin Thomson <notifications@github.com>
- Date: Wed, 28 Mar 2018 02:31:14 +0000 (UTC)
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Wednesday, 28 March 2018 02:31:42 UTC
That's not really true. They carry a unique identifier, and cryptographic proof that that identity is owned by the client. They could be used as a credential, even if that is not the intent in their definition. If the purpose of withholding credentials is to prevent identification, then token bindings count as credentials. If the purpose is to prevent use of those credentials, it's pretty murky. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/pull/325#issuecomment-376739940
Received on Wednesday, 28 March 2018 02:31:42 UTC