W3C home > Mailing lists > Public > public-webauthn@w3.org > June 2019

[webauthn] Can't exclude U2F credentals (#1235)

From: Adam Langley via GitHub <sysbot+gh@w3.org>
Date: Wed, 12 Jun 2019 19:22:37 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-455382736-1560367355-sysbot+gh@w3.org>
agl has just created a new issue for https://github.com/w3c/webauthn:

== Can't exclude U2F credentals ==
There's no `appid` extension when making a credential. Therefore the excludeList, if any, is only excluding WebAuthn credentials. So sites doing the transition cannot exclude authenticators by U2F credential ID.

We could fix this in WebAuthn if we wished. From the call of 2019-06-12, it's not yet clear how people feel about it.

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1235 using your GitHub account
Received on Wednesday, 12 June 2019 19:22:38 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:37 UTC