W3C home > Mailing lists > Public > public-webauthn@w3.org > October 2017

Re: [webauthn] Consider dropping requirement for TUP on create()

From: Ibrahim Damlaj via GitHub <sysbot+gh@w3.org>
Date: Mon, 02 Oct 2017 17:27:32 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-333604274-1506965238-sysbot+gh@w3.org>
I support dropping the TUP requirement for platform (built-in authenticators).

We should do this only if excludeCredentials.length == 0, otherwise a relying party may silently query for credentials via the excludeCredentials parameter.

-- 
GitHub Notification of comment by idamlaj
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/564#issuecomment-333604274 using your GitHub account
Received on Monday, 2 October 2017 17:28:16 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:28 UTC