Re: [webauthn] Privacy concerns with blacklist/whitelist

Decided on 2018-01-17 call to close this. With #655 and #687 merged, and #613 in progress, this should no longer be an issue.

Previously the operations would check at one instant what authenticators are available, ask the user for consent if any are applicable, or otherwise immediately return failure. Currently, the operations start a timer and do not return failure before the timeout expires.

With this, the side channel of timing information allowing identification without consent should be eliminated.

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/184#issuecomment-358399791 using your GitHub account

Received on Wednesday, 17 January 2018 18:35:36 UTC
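
The difference between the two behaviours described in the comment above, as an added example that is not part of the original message or of the WebAuthn specification. It is a constructed model with a simulated clock; the 60-second timeout, the function names, and the assumption that an ignored prompt ends in failure at the timeout are all assumptions made for illustration.

```javascript
// Added illustration: constructed model with a simulated clock, not the WebAuthn API.
const TIMEOUT_MS = 60000; // assumed timeout for the operation

// Constructed scenarios in which the user never gives consent.
const NO_CONSENT_SCENARIOS = [
  { name: "no applicable authenticator", applicable: false, consentAtMs: null },
  { name: "applicable authenticator, prompt ignored", applicable: true, consentAtMs: null },
];

// Shared tail: success when consent arrives in time, otherwise failure at the timeout.
function settleAtConsentOrTimeout(consentAtMs) {
  if (consentAtMs !== null && consentAtMs < TIMEOUT_MS) {
    return { outcome: "success", atMs: consentAtMs };
  }
  return { outcome: "failure", atMs: TIMEOUT_MS };
}

// Previous behaviour: check once which authenticators are available, prompt if
// any are applicable, otherwise return failure immediately.
function checkOnce({ applicable, consentAtMs }) {
  if (!applicable) return { outcome: "failure", atMs: 0 };
  return settleAtConsentOrTimeout(consentAtMs);
}

// Current behaviour: start a timer; failure is never returned before it expires.
function timerBased({ applicable, consentAtMs }) {
  return settleAtConsentOrTimeout(applicable ? consentAtMs : null);
}

// Distinct (outcome, time) pairs the calling script can observe when no consent
// was given. More than one entry means the result and its timing reveal whether
// an applicable authenticator is present.
function observationsWithoutConsent(operation) {
  const seen = new Set();
  for (const scenario of NO_CONSENT_SCENARIOS) {
    const { outcome, atMs } = operation(scenario);
    seen.add(`${outcome}@${atMs}`);
  }
  return [...seen];
}

console.log("check once :", observationsWithoutConsent(checkOnce));
console.log("timer based:", observationsWithoutConsent(timerBased));
```

In the model, the check-once behaviour yields two distinguishable observations without consent, while the timer-based behaviour yields one.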