
Re: [webauthn] Credential ID uniqueness expectations are inconsistent/vague

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Sun, 24 Sep 2017 09:33:20 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-331698454-1506245588-sysbot+gh@w3.org>

If it is recommended that RPs SHOULD refuse duplicate credential IDs, I think it's not necessary to specify any minimum length or entropy for the credential ID. The worst that would happen is a bad user experience with badly designed authenticators, and that's on the authenticator designer if that's worth ignoring the SHOULD clause.

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/579#issuecomment-331698454 using your GitHub account
Received on Sunday, 24 September 2017 09:33:11 UTC
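
The RP-side check discussed in this message, as an added example that is not part of the original message or of the WebAuthn specification: a hypothetical in-memory `CredentialStore` (all names and sample values are assumptions) that refuses a registration whose credential ID is already stored. With this check in place, an authenticator that emits low-entropy IDs causes only a failed registration, and a credential ID never resolves to more than one account.

```javascript
// Added example: hypothetical in-memory RP credential store.
class CredentialStore {
  constructor() {
    // key: hex of the credential ID bytes -> { userHandle, publicKey }
    this.byId = new Map();
  }

  // Canonical map key derived from the raw bytes, so that two IDs are
  // equal only when they are byte-for-byte identical.
  static key(credentialId) {
    if (!(credentialId instanceof Uint8Array) || credentialId.length === 0) {
      throw new TypeError("credentialId must be a non-empty Uint8Array");
    }
    return Array.from(credentialId, (b) => b.toString(16).padStart(2, "0")).join("");
  }

  // Registration: refuse a credential ID that is already stored for
  // any account, not just for the account being registered.
  register(userHandle, credentialId, publicKey) {
    const k = CredentialStore.key(credentialId);
    if (this.byId.has(k)) {
      return { ok: false, reason: "duplicate_credential_id" };
    }
    this.byId.set(k, { userHandle, publicKey });
    return { ok: true };
  }

  // Authentication: a credential ID maps to at most one account.
  lookup(credentialId) {
    return this.byId.get(CredentialStore.key(credentialId)) || null;
  }
}

// Constructed scenario: an authenticator that emits 1-byte credential IDs,
// so two users end up presenting the same ID at registration.
function demo() {
  const store = new CredentialStore();
  const weakId = Uint8Array.of(0x01);
  const first = store.register("alice", weakId, "pk-alice");
  const second = store.register("bob", Uint8Array.of(0x01), "pk-bob");
  // A fresh ID from the same authenticator still registers normally.
  const retry = store.register("bob", Uint8Array.of(0x02), "pk-bob");
  return { first, second, retry, owner: store.lookup(weakId).userHandle };
}
```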
