
Re: [webauthn] Credential ID not signed

From: Angelo Liao via GitHub <sysbot+gh@w3.org>
Date: Fri, 18 Nov 2016 23:09:43 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-261666045-1479510581-sysbot+gh@w3.org>

I cannot foresee an attack surface based solely on knowing the 
credential ID either. Credential IDs were designed to be anonymous so 
that an attacker cannot attack without cracking the signature 
scheme first. Should we consider this issue closed? 

-- 
GitHub Notification of comment by AngeloKai
Please view or discuss this issue at 
https://github.com/w3c/webauthn/issues/206#issuecomment-261666045 
using your GitHub account
Received on Friday, 18 November 2016 23:09:49 UTC
