Re: [webauthn] Clarify 127.0.0.1 in spec (#1204)

> all domain names that resolve to 127.0.0.1 should have the same RP ID

That would mean that processing WebAuthn requests depends on doing DNS resolution. And the DNS resolution at what time? At the time of the request? What if a network attacker changes the result after page load? At the time of loading? But loading doesn't have to involve DNS at all. I fear that is unworkable.

-- 
GitHub Notification of comment by agl
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1204#issuecomment-489229683 using your GitHub account

Received on Friday, 3 May 2019 20:28:42 UTC
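
The concern in the comment above, as an added sketch that is not part of the original message, the WebAuthn spec or any browser's code: a string-only RP ID check gives the same answer whenever it is evaluated, while a rule keyed on "resolves to 127.0.0.1" changes with the resolver's answer. The resolver, its timeline, the host names and the simplified suffix rule (no public-suffix check) are all assumptions made for illustration.

```javascript
// Added illustration: not code from the WebAuthn spec or any browser.
// Simplified string-only rule: the RP ID must equal the origin's host or be a
// dot-bounded suffix of it. The public-suffix check is omitted (assumption).
function rpIdMatchesOrigin(rpId, origin) {
  const host = new URL(origin).hostname.toLowerCase();
  const id = rpId.toLowerCase();
  return host === id || host.endsWith("." + id);
}

// Hypothetical resolver over a constructed timeline:
// { name: [[fromTime, address], ...] }, entries sorted by fromTime.
function makeResolver(timeline) {
  return (name, t) => {
    let answer = null; // null models "no lookup happened or no answer"
    for (const [from, addr] of timeline[name] || []) {
      if (t >= from) answer = addr;
    }
    return answer;
  };
}

// The quoted proposal, modelled: every name that resolves to 127.0.0.1
// shares one RP ID. The result now depends on when resolution happens.
function rpIdByResolution(origin, resolve, t) {
  const host = new URL(origin).hostname.toLowerCase();
  return resolve(host, t) === "127.0.0.1" ? "127.0.0.1" : host;
}

// Constructed sample data (reserved .test name, documentation address).
const T_LOAD = 0;
const T_REQUEST = 20;
const resolve = makeResolver({
  "dev.example.test": [[0, "127.0.0.1"], [10, "203.0.113.7"]],
});

function compareRules(origin) {
  return {
    resolvedAtLoad: rpIdByResolution(origin, resolve, T_LOAD),
    resolvedAtRequest: rpIdByResolution(origin, resolve, T_REQUEST),
    acceptsParentDomain: rpIdMatchesOrigin("example.test", origin),
    acceptsLoopbackId: rpIdMatchesOrigin("127.0.0.1", origin),
  };
}

console.log(compareRules("https://dev.example.test"));
```

Under the resolution-based rule the same origin maps to two different RP IDs within one page lifetime, and an origin for which no lookup occurred never joins the shared ID at all.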