W3C home > Mailing lists > Public > public-webauthn@w3.org > September 2019

Re: [webauthn] Add privacy considerations about credential IDs (#1250)

From: Max Hata via GitHub <sysbot+gh@w3.org>
Date: Thu, 05 Sep 2019 13:22:08 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-528360576-1567689726-sysbot+gh@w3.org>
There are many other ways to use "ambien credentials". For example, you could store a hash of credentialIDs instead of username. All these cases should be part of this privacy concern since no matter what you do, you end up sending credentialIDs for a get().

GitHub Notification of comment by maxhata
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/1250#issuecomment-528360576 using your GitHub account
Received on Thursday, 5 September 2019 13:22:16 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:59:07 UTC