CredentialID are supposed to be globally unique. Without that, these cannot be used as globally index in the database and that's how MS has implemented it being very privacy oriented where we are not using userid. You cannot have single byte key index. We should define a minimum length for credential ID length and its randomness if there is any confusion. If RP's sees a duplicate during makeCredential time and are having a global index based on credentialID they should reject the registration and start again. -- GitHub Notification of comment by akshayku Please view or discuss this issue at https://github.com/w3c/webauthn/pull/558#issuecomment-331407254 using your GitHub accountReceived on Friday, 22 September 2017 10:07:54 UTC
This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:27 UTC