- From: Nick Doty via GitHub <sysbot+gh@w3.org>
- Date: Fri, 07 Sep 2018 20:37:31 +0000
- To: public-webauthn@w3.org
👍 that revealing this data only post authentication is a substantial mitigation.

A couple questions:

1. How is the sequence of transports to be ordered (beyond the first transport, which is the one that was used for authenticating)? Non-functional ordering differences have been used in the past to fingerprint users without any functional benefit.
2. One suggested mitigation is to provide a "generic value", but it seems like `AuthenticatorTransport` is an enum without any generic values. Does the enum need an "unknown"/"generic" value added? Or does the IDL allow implementers to return a value not in the specified enumeration?

--
GitHub Notification of comment by npdoty
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/1050#issuecomment-419558950 using your GitHub account
Received on Friday, 7 September 2018 20:37:32 UTC