W3C home > Mailing lists > Public > public-webauthn@w3.org > April 2020

Re: [webauthn] Why does credentialId need to be unique across all users? (#1403)

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Thu, 09 Apr 2020 16:34:08 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-611625067-1586450046-sysbot+gh@w3.org>
Indeed, that shouldn't be a problem. Like you say, the authenticators would have different wrapping keys, so even if they do successfully generate signatures, only one of them would generate a signature that matches the public key registered with the RP. Of course, if the RP has the same credential ID registered with two different public keys, then there would be some room for confusion as discussed earlier.

It seems to me like all questions here have been answered now, so I'll close the issue. You're welcome to re-open it if there are more things you'd like to discuss.

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1403#issuecomment-611625067 using your GitHub account
Received on Thursday, 9 April 2020 16:34:10 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:40 UTC