W3C home > Mailing lists > Public > public-webauthn@w3.org > September 2017

Re: [webauthn] Credential ID uniqueness expectations are inconsistent/vague

From: Akshay Kumar via GitHub <sysbot+gh@w3.org>
Date: Fri, 22 Sep 2017 10:48:12 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-331415028-1506077280-sysbot+gh@w3.org>
For the RP's who have implemented or are going to implement ONLY credentialID based lookup, uniqueness of the credentialID is very important. I would suggest it to be minimum of 16 bytes.

At the same time, we probably should refrain away from how its generated which allows flexibility and inventiveness for the authenticators. 

GitHub Notification of comment by akshayku
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/579#issuecomment-331415028 using your GitHub account
Received on Friday, 22 September 2017 10:48:08 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:27 UTC