Re: [webauthn] Credential ID not signed

I cannot foresee an attack surface based solely on knowing the 
credential ID either. Credential IDs were designed to be anonymous so 
that an attacker cannot attack without cracking the signature
scheme first. Should we consider this issue closed? 

GitHub Notification of comment by AngeloKai

Received on Friday, 18 November 2016 23:09:49 UTC