W3C home > Mailing lists > Public > public-webauthn@w3.org > October 2017

Re: [webauthn] credentials.get() should have optional parameters for userVerification and userPresence

From: Akshay Kumar via GitHub <sysbot+gh@w3.org>
Date: Wed, 11 Oct 2017 20:45:54 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-335942748-1507754739-sysbot+gh@w3.org>
Thinking more about this, doesn't silent signatures problematic as they leak information without user knowing? 

How does one make sure that, user has given consent the first time and then it can be used at later stage without user presence but no silent signatures without user consent at some earlier time?

-- 
GitHub Notification of comment by akshayku
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/629#issuecomment-335942748 using your GitHub account
Received on Wednesday, 11 October 2017 20:45:42 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:28 UTC