- From: Anne van Kesteren via GitHub <sysbot+gh@w3.org>
- Date: Tue, 24 Apr 2018 10:01:03 +0000
- To: public-webauthn@w3.org
We don't want to allow `example.com` <> `www.example.com` either, but it's there for some things due to cookies primarily. Unfortunately WebAuthn adopted that model, due to having to be compatible with cookies. The question is then if we can add some restrictions back to make the attack space less open-ended. -- GitHub Notification of comment by annevk Please view or discuss this issue at https://github.com/w3c/webauthn/issues/873#issuecomment-383875805 using your GitHub account
Received on Tuesday, 24 April 2018 10:01:07 UTC