- From: J.C. Jones via GitHub <sysbot+gh@w3.org>
- Date: Wed, 30 Oct 2019 19:53:26 +0000
- To: public-webauthn@w3.org
The following commits were just pushed by jcjones to https://github.com/w3c/webauthn: * Fix #1285 - Remove icons from PublicKeyCredentialEntity As discussed in issue #1285, the image URL fields for PublicKeyCredentialEntity, while intended for user interface design, are potent correlation mechanisms if they are downloaded by RPs. RPs would have to take extraordinary care, beyond reasonable measures, to avoid uses by RPs with mal-intent to cross-correlate accounts. It is better for User Agents to use existing origin/icon mechanisms for their UX designs, or to define new such mechanisms as-needed, that are origin-wide rather than provide the possibility to embed detailed tracking information into these URLs. by J.C. Jones https://github.com/w3c/webauthn/commit/dbcf596676749e996cf02dfb2afc0685e7861c0f * Merge pull request #1337 from jcjones/1285-image_deprecation Fix #1285 - Remove icons from PublicKeyCredentialEntity by J.C. Jones https://github.com/w3c/webauthn/commit/28e8d9d1e5e69470e052b2dcc427a6fa4c50efa9
Received on Wednesday, 30 October 2019 19:53:28 UTC