Re: [webauthn] Credential ID uniqueness expectations are inconsistent/vague

For the RP's who have implemented or are going to implement ONLY credentialID based lookup, uniqueness of the credentialID is very important. I would suggest it to be minimum of 16 bytes.

At the same time, we probably should refrain away from how its generated which allows flexibility and inventiveness for the authenticators. 

GitHub Notification of comment by akshayku
Please view or discuss this issue at using your GitHub account

Received on Friday, 22 September 2017 10:48:08 UTC