W3C home > Mailing lists > Public > public-webauthn@w3.org > March 2017

[webauthn] Describe attacks on privacy that are allowed/prevented

From: Jeffrey Yasskin via GitHub <sysbot+gh@w3.org>
Date: Wed, 15 Mar 2017 15:43:46 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-214432678-1489592624-sysbot+gh@w3.org>
jyasskin has just created a new issue for https://github.com/w3c/webauthn:

== Describe attacks on privacy that are allowed/prevented ==
Several issues and proposed changes are motivated by privacy concerns, but I don't see a list of what private information we want to expose vs keep hidden. For example, attestation implies that we want to expose the brand of authenticator the user owns, and parts of #379 imply that we want to be able to hide that the user's hardware supports authentication until they consent.

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/382 using your GitHub account
Received on Wednesday, 15 March 2017 15:43:52 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:25 UTC