Re: [webauthn] Credential ID uniqueness expectations are inconsistent/vague from Akshay Kumar via GitHub on 2017-09-22 (public-webauthn@w3.org from September 2017)

From: Akshay Kumar via GitHub <sysbot+gh@w3.org>
Date: Fri, 22 Sep 2017 10:48:12 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-331415028-1506077280-sysbot+gh@w3.org>

For the RP's who have implemented or are going to implement ONLY credentialID based lookup, uniqueness of the credentialID is very important. I would suggest it to be minimum of 16 bytes.

At the same time, we probably should refrain away from how its generated which allows flexibility and inventiveness for the authenticators. 

-- 
GitHub Notification of comment by akshayku
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/579#issuecomment-331415028 using your GitHub account

Received on Friday, 22 September 2017 10:48:08 UTC