Re: [webauthn] Add privacy consideration about terminating getAssertion early from =JeffH via GitHub on 2018-01-19 (public-webauthn@w3.org from January 2018)

From: =JeffH via GitHub <sysbot+gh@w3.org>
Date: Fri, 19 Jan 2018 18:33:56 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-359051421-1516386835-sysbot+gh@w3.org>

@emlun wrote in https://github.com/w3c/webauthn/pull/687#issuecomment-350059267:
> Yes, this fixes #184 and #204, assuming I'm right in interpreting #204 as raising the same concern as #184.

Actually, upon further review, I _do not believe_ this PR addressed issue #204, because the latter is in regards to [#createCredential](https://w3c.github.io/webauthn/#createCredential) aka `[[Create]]`, and this PR addressed privacy concerns at authentication time i.e. [#getAssertion](https://w3c.github.io/webauthn/#getAssertion) aka `[[DiscoverFromExternalSource]]` aka "[authentication ceremonies](https://w3c.github.io/webauthn/#sec-assertion-privacy)".   See also https://github.com/w3c/webauthn/issues/184#issuecomment-359051104

So we still have #204 to address.

-- 
GitHub Notification of comment by equalsJeffH
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/687#issuecomment-359051421 using your GitHub account

Received on Friday, 19 January 2018 18:33:57 UTC