- From: =JeffH via GitHub <sysbot+gh@w3.org>
- Date: Wed, 25 Jul 2018 21:16:14 +0000
- To: public-webauthn@w3.org
in examining webauthn's [S 5.1.3. `[[Create]]()` method (aka #createCredential)](https://w3c.github.io/webauthn/#createCredential) and [S 5.1.4.1. `[[DiscoverFromExternalSource]]()` method (aka #getAssertion)](https://w3c.github.io/webauthn/#discover-from-external-source), they both seem to always return a credential, or some form of error, and never return `null`. so +1 to @AngeloKai.
So, _without_ having gone and refreshed myself wrt the privacy subtleties that @emlun notes up above in https://github.com/w3c/webauthn/issues/876#issuecomment-383946531, it sorta seems to me we ought leave webauthn as-is for now and submit an issue on credman to the effect that expecting the tri-state {credential, `null`, error} return value possibilities has privacy issues and perhaps it ought to be two-state {credential, error} (as webauthn's algs are presently).
WDYT?
--
GitHub Notification of comment by equalsJeffH
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/876#issuecomment-407898534 using your GitHub account
Received on Wednesday, 25 July 2018 21:16:22 UTC