Sure. But only the actual RP will get it back, and if you have the credential ID (and can masquerade as the RP) you already have the corresponding account, right? Do we really need to limit this?

--
GitHub Notification of comment by christiaanbrand
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/558#issuecomment-330924503 using your GitHub account

Received on Wednesday, 20 September 2017 17:33:48 UTC