Re: [webauthn] Credential ID uniqueness expectations are inconsistent/vague from Ki-Eun Shin via GitHub on 2017-09-25 (public-webauthn@w3.org from September 2017)

From: Ki-Eun Shin via GitHub <sysbot+gh@w3.org>
Date: Mon, 25 Sep 2017 01:35:11 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-331756106-1506303299-sysbot+gh@w3.org>

In cases of UAF, the credential Id (called keyId) is unique in the scope of aaguid (called AAID). We cannot guarantee that the credential Ids are unique across all authenticators. For usability, the server may check duplication of credential Ids in the scope aaguid instead of looking up all records.

-- 
GitHub Notification of comment by Kieun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/579#issuecomment-331756106 using your GitHub account

Received on Monday, 25 September 2017 01:35:02 UTC