- From: Adam Langley via GitHub <sysbot+gh@w3.org>
- Date: Tue, 02 Jan 2018 17:28:57 +0000
- To: public-webauthn@w3.org
I asked internally about cbrand's concerns here and I understand them to be centered around the case where a 2nd-factor token is found by someone. It would be good for that not to essentially disclose their username in the 2nd-factor case. Such a concern would thus have to be focused on CTAP2 rather than webauthn. So I don't think we have any unexpected concerns here. -- GitHub Notification of comment by agl Please view or discuss this issue at https://github.com/w3c/webauthn/pull/730#issuecomment-354822678 using your GitHub account
Received on Tuesday, 2 January 2018 17:28:59 UTC