- From: Arnar Birgisson via GitHub <sysbot+gh@w3.org>
- Date: Fri, 16 Feb 2018 21:39:01 +0000
- To: public-webauthn@w3.org
I'm with agl@ that I don't immediately see practical gain in handling compromised origin contexts. But if we were to do so: >> [agl@] the client's outputs can still be manipulated by the origin context > [equalsJeffH@] I'm not sure how one might guard against that. By putting them in CollectedClientData instead of PublicKeyCredential. -- GitHub Notification of comment by arnar Please view or discuss this issue at https://github.com/w3c/webauthn/issues/803#issuecomment-366365721 using your GitHub account
Received on Friday, 16 February 2018 21:39:03 UTC