Re: [webauthn] The risk of attacker may can identify whether if the account support FIDO or not (#1475) from Ki-Eun Shin via GitHub on 2020-08-28 (public-webauthn@w3.org from August 2020)

From: Ki-Eun Shin via GitHub <sysbot+gh@w3.org>
Date: Fri, 28 Aug 2020 10:06:18 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-682443058-1598609177-sysbot+gh@w3.org>

This risk is also true for RK use case. If RPs support passwordless-flow (delivering credential ids during authentication), it still exposes such information to attackers. So, in this case, we might need similar counter measures.

-- 
GitHub Notification of comment by Kieun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1475#issuecomment-682443058 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Friday, 28 August 2020 10:06:25 UTC