W3C home > Mailing lists > Public > public-webauthn@w3.org > September 2017

Re: [webauthn] Privacy Considerations should describe risks of storing userID/displayName in "second-factor" authenticators

From: John Bradley via GitHub <sysbot+gh@w3.org>
Date: Thu, 21 Sep 2017 15:41:49 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-331196631-1506008498-sysbot+gh@w3.org>
I recall Google did the encryption trick with their pairwise identifiers for openID 2, so it can work.

For privacy I agree that credentials without some sort of local pin (or other authenticated unlock) should not provide a display name.

-- 
GitHub Notification of comment by ve7jtb
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/578#issuecomment-331196631 using your GitHub account
Received on Thursday, 21 September 2017 15:41:51 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:27 UTC