- From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
- Date: Sun, 24 Sep 2017 09:33:20 +0000
- To: public-webauthn@w3.org
If RPs are recommended that they SHOULD refuse duplicate credential IDs I think it's not necessary to specify any minimum length or entropy for the credential ID. The worst that would happen is a bad user experience with badly designed authenticators, and that's on the authenticator designer if that's worth ignoring the SHOULD clause. -- GitHub Notification of comment by emlun Please view or discuss this issue at https://github.com/w3c/webauthn/issues/579#issuecomment-331698454 using your GitHub account
Received on Sunday, 24 September 2017 09:33:11 UTC