W3C home > Mailing lists > Public > public-webauthn@w3.org > September 2016

Re: [webauthn] Privacy across Account IDs

From: Vijay Bharadwaj via GitHub <sysbot+gh@w3.org>
Date: Sat, 17 Sep 2016 07:18:57 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-247754716-1474096735-sysbot+gh@w3.org>
Doesn't that just create another attack where the bad guy can find out
 which credential IDs map to which account IDs?

I think you express a valid concern BTW, just trying to figure out if 
there is any way to solve it without just displacing the problem.

-- 
GitHub Notification of comment by vijaybh
Please view or discuss this issue at 
https://github.com/w3c/webauthn/issues/204#issuecomment-247754716 
using your GitHub account
Received on Saturday, 17 September 2016 07:19:17 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:22 UTC