- From: =JeffH via GitHub <sysbot+gh@w3.org>
- Date: Fri, 16 Feb 2018 20:47:56 +0000
- To: public-webauthn@w3.org
@agl wrote:

> I'm happy with any coherent stance although I will note that not worrying about a compromised origin context makes things simpler.

agreed.

> Also, the user fundamentally interacts via the DOM so, if there's attacker Javascript running in the origin, it can wait until the user has authenticated and then simulate whatever actions it wishes on behalf of the authenticated user.

Ah, yes, sigh.

> Thus protecting against it in webauthn doesn't clearly translate to any obvious practice gain

agreed.

--
GitHub Notification of comment by equalsJeffH
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/803#issuecomment-366353951 using your GitHub account
Received on Friday, 16 February 2018 20:47:59 UTC