I agree on the explicitly allowing to refuse a duplicate. I would still add a minimum length requirements and the requirement to use a cryptographic operation. The first one will create lots of bits, I think the second one will guarantee at least as much entropy as the encryption key (again, not a cryptography expert). -- GitHub Notification of comment by jovasco Please view or discuss this issue at https://github.com/w3c/webauthn/issues/579#issuecomment-331463967 using your GitHub accountReceived on Friday, 22 September 2017 14:32:48 UTC
This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:27 UTC