Re: [webauthn] Credential ID uniqueness expectations are inconsistent/vague from Johan Verrept via GitHub on 2017-09-22 (public-webauthn@w3.org from September 2017)

From: Johan Verrept via GitHub <sysbot+gh@w3.org>
Date: Fri, 22 Sep 2017 14:32:57 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-331463967-1506090765-sysbot+gh@w3.org>

I agree on the explicitly allowing to refuse a duplicate.

I would still add a minimum length requirements and the requirement to use a cryptographic operation. The first one will create lots of bits, I think the second one will guarantee at least as much entropy as the encryption key (again, not a cryptography expert).

-- 
GitHub Notification of comment by jovasco
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/579#issuecomment-331463967 using your GitHub account

Received on Friday, 22 September 2017 14:32:48 UTC