- From: Jakob Ehrensvärd <jakob@yubico.com>
- Date: Thu, 21 Sep 2017 11:11:14 -0700
- To: Johan Verrept via GitHub <sysbot+gh@w3.org>
- Cc: W3C WebAuthn WG <public-webauthn@w3.org>
> Credential IDs are not guaranteed unique in any way. Unless I missed
> something in the specs, it is perfectly valid to store all data locally and
> return a single byte key index.

Then, I believe I've missed something important here. The credential ID must be a unique identifier, just like the U2F key handle. We make the CTAP2 credential ID equal to the U2F key handle, so a U2F credential can be used with WebAuthN and vice-versa. For resident credentials, we generate a credential ID from the public key, making this a 128-bit identifier. Did I get this wrong?
Received on Thursday, 21 September 2017 18:13:52 UTC