- From: Nick Doty via GitHub <sysbot+gh@w3.org>
- Date: Fri, 07 Sep 2018 21:21:45 +0000
- To: public-webauthn@w3.org
> revealing this data only post authentication is a substantial mitigation. > > To be precise, it doesn't look to me like that's what's being proposed. I'm guessing that what @jcjones meant by > > [...] this mechanism [...] is only available after the user explicitly intervenes w/ the authentication ceremony > > is that it only happens after the user confirms consent to proceed with the registration operation. Thank you for clarifying and being more precise than I was. What I meant to say is that it's a valuable mitigation that the data is accessible only after user intervention and consent, rather than available in a drive-by/background context. -- GitHub Notification of comment by npdoty Please view or discuss this issue at https://github.com/w3c/webauthn/pull/1050#issuecomment-419569085 using your GitHub account
Received on Friday, 7 September 2018 21:21:46 UTC