W3C home > Mailing lists > Public > public-webauthn@w3.org > September 2019

Re: [webauthn] Add privacy considerations about credential IDs (#1250)

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Thu, 05 Sep 2019 13:46:06 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-528372362-1567691164-sysbot+gh@w3.org>
@maxhata I don't think I quite understand what you mean, but I changed the quoted sentence to

>In this case the `allowCredentials` argument risks leaking personally identifying information, since it exposes the user’s credential IDs to an unauthenticated caller.

This is both more general by not emphasising a particular interaction flow, and more precise in what the problem is, and I think it should also address your concern, right?

GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/1250#issuecomment-528372362 using your GitHub account
Received on Thursday, 5 September 2019 13:46:07 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:59:07 UTC