Re: [webauthn] RPs cannot show "You've Already Registered This Authenticator" Message from Emil Lundberg via GitHub on 2018-02-16 (public-webauthn@w3.org from February 2018)

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Fri, 16 Feb 2018 20:20:07 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-366347339-1518812405-sysbot+gh@w3.org>

This limitation is by design, as discussed extensively in #184, #204, #764, https://github.com/w3c/webauthn/pull/687#issuecomment-359087435 , https://github.com/w3c/webauthn/issues/629#issuecomment-336410724 . In summary: providing this information would allow malicious RPs to reliably identify (i.e., track) the user without consent.

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/806#issuecomment-366347339 using your GitHub account

Received on Friday, 16 February 2018 20:20:10 UTC