I cannot foresee an attack surface based solely on knowing the credential ID either. Credential IDs were designed to be anonymous so that an attacker cannot attack without cracking down the signature scheme first. Should we consider this issue closed?

--
GitHub Notification of comment by AngeloKai
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/206#issuecomment-261666045 using your GitHub account

Received on Friday, 18 November 2016 23:09:49 UTC