W3C home > Mailing lists > Public > public-webauthn@w3.org > November 2020

Re: [webauthn] largeBlob storage extension can be used to bypass 3p storage restrictions (#1518)

From: Pranjal Jumde via GitHub <sysbot+gh@w3.org>
Date: Mon, 16 Nov 2020 18:50:08 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-728255022-1605552606-sysbot+gh@w3.org>
Thanks for the quick response @emlun - 

As I understand, let say user registration on `foo.com` creates a blob in the authenticator for `foo.com`. iframes of `foo.com` embedded on different sites using the `blob` in the authenticator `foo.com` can track users across sites. 

Let me know if I'm missing something. 

GitHub Notification of comment by jumde
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1518#issuecomment-728255022 using your GitHub account

Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 16 November 2020 18:50:09 UTC

This archive was generated by hypermail 2.4.0 : Monday, 16 November 2020 18:50:10 UTC