W3C home > Mailing lists > Public > public-webauthn@w3.org > August 2019

Re: [webauthn] Specify if clients are expected to follow redirects for icon URLs (#1285)

From: J.C. Jones via GitHub <sysbot+gh@w3.org>
Date: Wed, 28 Aug 2019 19:22:53 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-525886648-1567020172-sysbot+gh@w3.org>
For practical purposes, no user agent is going to actively fetch these icons, as they would be potent correlation mechanisms for resident credentials -- after so much effort is taken elsewhere in the specification to avoid correlation.

Perhaps the right thing to do here is to amend the definition for these icons to specify that these are only valid if they are `data:` URLs of a valid image type.

-- 
GitHub Notification of comment by jcjones
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1285#issuecomment-525886648 using your GitHub account
Received on Wednesday, 28 August 2019 19:22:54 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:59:06 UTC