[webauthn] Pull Request: Add privacy considerations about credential IDs from Emil Lundberg via GitHub on 2019-07-01 (public-webauthn@w3.org from July 2019)

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Mon, 01 Jul 2019 14:53:43 +0000
To: public-webauthn@w3.org
Message-ID: <pull_request.opened-293377570-1561992822-sysbot+gh@w3.org>

emlun has just submitted a new pull request for https://github.com/w3c/webauthn:

== Add privacy considerations about credential IDs ==
Fixes #1246.

Things to consider:

- Does this belong in the spec or in separate explainer documentation?
- Is this unnecessarily verbose?
- This is all conjecture as I'm not aware of any quantification of the severity of this kind of information leak, nor of how effective the suggested mitigation would be. Should we refrain from putting that in?

See https://github.com/w3c/webauthn/pull/1250

Received on Monday, 1 July 2019 14:53:45 UTC