Re: [webauthn] Specify if clients are expected to follow redirects for icon URLs (#1285) from David Waite via GitHub on 2019-08-28 (public-webauthn@w3.org from August 2019)

From: David Waite via GitHub <sysbot+gh@w3.org>
Date: Wed, 28 Aug 2019 23:30:39 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-525961392-1567035038-sysbot+gh@w3.org>

My understanding of the correlation issue is that a client may cache the icon at the conclusion of authentication and registration, but a client will not resolve the icon before authentication using the network due to correlation concerns.

I agree with @lgarron that very few relying parties will manage to fit a usable icon within the 85 bytes you can hypothetically squeeze out of a 128 character data URL. It is more likely they will use a regular URL and let clients deal with the UX of not having an icon.

-- 
GitHub Notification of comment by dwaite
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1285#issuecomment-525961392 using your GitHub account

Received on Wednesday, 28 August 2019 23:30:41 UTC