W3C home > Mailing lists > Public > public-webauthn@w3.org > September 2017

Re: [webauthn] Credential ID uniqueness expectations are inconsistent/vague

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Sun, 24 Sep 2017 09:33:20 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-331698454-1506245588-sysbot+gh@w3.org>
If RPs are recommended that they SHOULD refuse duplicate credential IDs I think it's not necessary to specify any minimum length or entropy for the credential ID. The worst that would happen is a bad user experience with badly designed authenticators, and that's on the authenticator designer if that's worth ignoring the SHOULD clause.

GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/579#issuecomment-331698454 using your GitHub account
Received on Sunday, 24 September 2017 09:33:11 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:27 UTC