Re: [webauthn] RPs cannot show "You've Already Registered This Authenticator" Message from Emil Lundberg via GitHub on 2018-02-16 (public-webauthn@w3.org from February 2018)

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Fri, 16 Feb 2018 21:35:21 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-366364941-1518816920-sysbot+gh@w3.org>

Oh, right, if the EXCLUDED response from the authenticator is now guaranteed to have collected consent first, then the information leak I was talking about shouldn't happen and I see no problem with returning a unique error before the timeout ends.

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/806#issuecomment-366364941 using your GitHub account

Received on Friday, 16 February 2018 21:35:23 UTC