Re: [webauthn] Fix #720: Don't return user handle in 2nd factor mode

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Sun, 24 Dec 2017 22:59:22 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-353806589-1514156361-sysbot+gh@w3.org>

Wait - actually, the response processing server (ResPS) needs to be able to verify that the returned `challenge` equals that sent to the client, so there needs to be some trusted communication path between the request processing server (ReqPS) and the ResPS so the ResPS can obtain the `challenge` from the ReqPS. Could that message then not also contain the user ID (if known, i.e. in 2nd factor mode)?

GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/730#issuecomment-353806589 using your GitHub account
Received on Sunday, 24 December 2017 22:59:23 UTC
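
One way to realise the trusted ReqPS-to-ResPS path discussed in the message above, as an added example that is not part of the original message or of the WebAuthn specification: the ReqPS issues a MAC-protected state message carrying the `challenge` and the user ID (if known), and the ResPS authenticates it before comparing challenges. The names `reqps_issue`, `resps_verify`, `SHARED_KEY` and `MAX_AGE_S`, the token layout, and the minimal client data used here are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, os, time

# Assumption: ReqPS and ResPS share this key out of band (constructed here).
SHARED_KEY = os.urandom(32)
MAX_AGE_S = 120  # assumed lifetime of a pending ceremony, in seconds

def b64u(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64u_dec(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def reqps_issue(user_id, key=SHARED_KEY, now=None):
    """ReqPS: pick a challenge and build the state message for the ResPS.
    user_id is None when the user is not yet known (first-factor mode)."""
    challenge = b64u(os.urandom(32))
    iat = int(time.time() if now is None else now)
    state = {"challenge": challenge, "user_id": user_id, "iat": iat}
    body = json.dumps(state, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return challenge, b64u(body) + "." + b64u(tag)

def resps_verify(state_token, client_data_json, key=SHARED_KEY, now=None):
    """ResPS: authenticate the state, check freshness, compare challenges.
    Returns the user ID the ReqPS recorded (None in first-factor mode)."""
    try:
        body_part, tag_part = state_token.split(".")
        body, tag = b64u_dec(body_part), b64u_dec(tag_part)
    except ValueError:
        raise ValueError("malformed state")
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("state MAC mismatch")
    state = json.loads(body)  # parsed only after the MAC has been verified
    if (time.time() if now is None else now) - state["iat"] > MAX_AGE_S:
        raise ValueError("state expired")
    returned = json.loads(client_data_json)["challenge"]
    if not hmac.compare_digest(returned.encode(), state["challenge"].encode()):
        raise ValueError("challenge mismatch")
    return state["user_id"]

if __name__ == "__main__":
    challenge, token = reqps_issue("user-123")
    # Constructed client data: only the field this check reads.
    client_data = json.dumps({"challenge": challenge})
    print(resps_verify(token, client_data))
```

A stateless token like this authenticates the challenge and user ID but does not by itself stop a response being replayed within `MAX_AGE_S`; single use still requires the ResPS to record consumed challenges.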
