[webauthn] Merged Pull Request: Add privacy considerations about credential IDs from Akshay Kumar via GitHub on 2019-10-09 (public-webauthn@w3.org from October 2019)

From: Akshay Kumar via GitHub <sysbot+gh@w3.org>
Date: Wed, 09 Oct 2019 19:06:29 +0000
To: public-webauthn@w3.org
Message-ID: <pull_request.closed-293377570-1570647988-sysbot+gh@w3.org>

akshayku has just merged emlun's pull request 1250 for https://github.com/w3c/webauthn:

== Add privacy considerations about credential IDs ==
Fixes #1246. Fixes #1311.

Things to consider:

- Does this belong in the spec or in separate explainer documentation?
- Is this unnecessarily verbose?
- This is all conjecture as I'm not aware of any quantification of the severity of this kind of information leak, nor of how effective the suggested mitigation would be. Should we refrain from putting that in?


<!--
    This comment and the below content is programatically generated.
    You may add a comma-separated list of anchors you'd like a
    direct link to below (e.g. #idl-serializers, #idl-sequence):

    Don't remove this comment or modify anything below this line.
    If you don't want a preview generated for this pull request,
    just replace the whole of this comment's content by "no preview"
    and remove what's below.
-->
***
<a href="https://pr-preview.s3.amazonaws.com/w3c/webauthn/pull/1250.html" title="Last updated on Oct 8, 2019, 10:53 AM UTC (e7e11c4)">Preview</a> | <a href="https://pr-preview.s3.amazonaws.com/w3c/webauthn/1250/4b36388...e7e11c4.html" title="Last updated on Oct 8, 2019, 10:53 AM UTC (e7e11c4)">Diff</a>

See https://github.com/w3c/webauthn/pull/1250

Received on Wednesday, 9 October 2019 19:06:31 UTC