Re: [webauthn] Privacy risk from revealing allowed credentials (#1246) from James Manger via GitHub on 2019-07-02 (public-webauthn@w3.org from July 2019)

From: James Manger via GitHub <sysbot+gh@w3.org>
Date: Tue, 02 Jul 2019 11:07:37 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-507629177-1562065656-sysbot+gh@w3.org>

Given that Chrome requires credential ids (even for resident keys) this affects _every_ 1st-factor WebAuthn use-case. And even if (or when) Chrome supports omitting the allowed credentials list, the issue still occurs unless websites are willing to block all non-resident authenticators, fracturing the ecosystem.

-- 
GitHub Notification of comment by manger
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1246#issuecomment-507629177 using your GitHub account

Received on Tuesday, 2 July 2019 11:07:39 UTC