Re: [webauthn] Specify if clients are expected to follow redirects for icon URLs (#1285)

For practical purposes, no user agent is going to actively fetch these icons, as they would be potent correlation mechanisms for resident credentials -- after so much effort is taken elsewhere in the specification to avoid correlation.

Perhaps the right thing to do here is to amend the definition for these icons to specify that these are only valid if they are `data:` URLs of a valid image type.

-- 
GitHub Notification of comment by jcjones
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1285#issuecomment-525886648 using your GitHub account

Received on Wednesday, 28 August 2019 19:22:54 UTC
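
The comment above proposes accepting icons only when they are `data:` URLs of a valid image type. One way such a check could look, as an added example that is not part of the original message or the WebAuthn specification: `checkIcon` and the allowlist of types are assumptions, and only the leading signature bytes are compared, not the full image.

```javascript
// Added example. ASSUMPTION: this allowlist is illustrative; the thread does not
// say which image types count as valid. SVG is left out because an SVG document
// can itself reference external resources.
const MAGIC = new Map([
  ["image/png", [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a]],
  ["image/jpeg", [0xff, 0xd8, 0xff]],
  ["image/gif", [0x47, 0x49, 0x46, 0x38]],
]);

// Hypothetical helper: returns { ok, reason } for an icon value.
function checkIcon(icon) {
  if (typeof icon !== "string") return { ok: false, reason: "not a string" };
  // Only inline data: URLs pass; any other scheme would need a network fetch.
  const m = /^data:([^;,]+)((?:;[^;,]*)*),(.*)$/i.exec(icon);
  if (!m) return { ok: false, reason: "not a data: URL" };
  const mime = m[1].trim().toLowerCase();
  const params = m[2].toLowerCase().split(";").filter(Boolean);
  const magic = MAGIC.get(mime);
  if (!magic) return { ok: false, reason: "media type not allowed" };
  if (!params.includes("base64")) return { ok: false, reason: "not base64" };
  // Buffer.from() silently skips invalid characters, so check strictly first.
  const b64 = m[3];
  if (b64.length % 4 !== 0 || !/^[A-Za-z0-9+/]*={0,2}$/.test(b64)) {
    return { ok: false, reason: "malformed base64" };
  }
  const bytes = Buffer.from(b64, "base64");
  // The declared type must match the payload's leading signature bytes.
  const matches =
    bytes.length >= magic.length && magic.every((b, i) => bytes[i] === b);
  if (!matches) return { ok: false, reason: "payload does not match declared type" };
  return { ok: true, reason: "ok" };
}

// Constructed samples (signature bytes only, not complete images).
const pngSig = Buffer.from(MAGIC.get("image/png")).toString("base64");
const gifSig = Buffer.from("GIF89a").toString("base64");
const samples = [
  "data:image/png;base64," + pngSig,
  "data:image/png;base64," + gifSig,
  "data:text/html;base64," + pngSig,
  "https://rp.example/icon.png",
];
for (const s of samples) console.log(checkIcon(s).reason, "<-", s);
```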