Re: [webauthn] Privacy concerns with blacklist/whitelist from =JeffH via GitHub on 2018-01-19 (public-webauthn@w3.org from January 2018)

From: =JeffH via GitHub <sysbot+gh@w3.org>
Date: Fri, 19 Jan 2018 18:32:42 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-359051104-1516386761-sysbot+gh@w3.org>

Actually, in reviewing this and issue #204 and the the PRs  #655, #687, #613 (mentioned by @emlun [above](https://github.com/w3c/webauthn/issues/184#issuecomment-358399791)), I agree that the "If I call getAssertion() with a whitelist..." portion of @hillbrad's [original post (OP)](https://github.com/w3c/webauthn/issues/184#issue-172995756) is addressed (yay!).

However, it seems that in closing this issue, we overlooked that we have not addressed the other portion of the OP:
> If I call makeCredential() with a blacklist, is it clear to the user that the blacklist may reveal other identities they have registered with the site previously?

Though, issue #204 is specifically in regards to the latter, and remains open at this time, so I'm thinking we can leave this particular issue closed, and rectify this oversight by addressing #204. 




-- 
GitHub Notification of comment by equalsJeffH
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/184#issuecomment-359051104 using your GitHub account

Received on Friday, 19 January 2018 18:32:45 UTC