[webauthn] Can't exclude U2F credentals (#1235) from Adam Langley via GitHub on 2019-06-12 (public-webauthn@w3.org from June 2019)

From: Adam Langley via GitHub <sysbot+gh@w3.org>
Date: Wed, 12 Jun 2019 19:22:37 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-455382736-1560367355-sysbot+gh@w3.org>

agl has just created a new issue for https://github.com/w3c/webauthn:

== Can't exclude U2F credentals ==
There's no `appid` extension when making a credential. Therefore the excludeList, if any, is only excluding WebAuthn credentials. So sites doing the transition cannot exclude authenticators by U2F credential ID.

We could fix this in WebAuthn if we wished. From the call of 2019-06-12, it's not yet clear how people feel about it.

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1235 using your GitHub account

Received on Wednesday, 12 June 2019 19:22:38 UTC