[w3c/webauthn] c7e44f: Add privacy considerations about credential IDs (#... from Emil Lundberg on 2019-10-09 (public-webauthn@w3.org from October 2019)

From: Emil Lundberg <noreply@github.com>
Date: Wed, 09 Oct 2019 12:06:29 -0700
To: public-webauthn@w3.org
Message-ID: <w3c/webauthn/push/refs/heads/master/00114e-c7e44f@github.com>

  Branch: refs/heads/master
  Home:   https://github.com/w3c/webauthn
  Commit: c7e44f6f91632b9847394d61ed3d6ba8fb2128d4
      https://github.com/w3c/webauthn/commit/c7e44f6f91632b9847394d61ed3d6ba8fb2128d4
  Author: Emil Lundberg <emil@yubico.com>
  Date:   2019-10-09 (Wed, 09 Oct 2019)

  Changed paths:
    M index.bs

  Log Message:
  -----------
  Add privacy considerations about credential IDs (#1250)

* Apply suggestions from code review

Co-Authored-By: =JeffH <jdhodges@google.com>

* Fix whitespace

* Suggest session cookie as mitigation

* Fix pluralisation

* Add note of identifying authenticator owner from credential IDs

* Address @manger's comment about 'single-factor'

* Make reason for credID privacy leak more precise and general

* Focus privacy leak more on second-factor than non-resident keys

Received on Wednesday, 9 October 2019 19:06:31 UTC