Re: [webauthn] Add privacy considerations about credential IDs (#1250) from Emil Lundberg via GitHub on 2019-09-05 (public-webauthn@w3.org from September 2019)

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Thu, 05 Sep 2019 13:46:06 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-528372362-1567691164-sysbot+gh@w3.org>

@maxhata I don't think I quite understand what you mean, but I changed the quoted sentence to

>In this case the `allowCredentials` argument risks leaking personally identifying information, since it exposes the user’s credential IDs to an unauthenticated caller.

This is both more general by not emphasising a particular interaction flow, and more precise in what the problem is, and I think it should also address your concern, right?

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/1250#issuecomment-528372362 using your GitHub account

Received on Thursday, 5 September 2019 13:46:07 UTC