
Re: [webauthn] Tighten security scope by port

From: Anne van Kesteren via GitHub <sysbot+gh@w3.org>
Date: Tue, 24 Apr 2018 10:01:03 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-383875805-1524564062-sysbot+gh@w3.org>
We don't want to allow `example.com` <> `www.example.com` either, but it's there for some things due to cookies primarily. Unfortunately WebAuthn adopted that model, due to having to be compatible with cookies. The question is then if we can add some restrictions back to make the attack space less open-ended.

-- 
GitHub Notification of comment by annevk
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/873#issuecomment-383875805 using your GitHub account
Received on Tuesday, 24 April 2018 10:01:07 UTC
