Re: [webauthn] largeBlob storage extension can be used to bypass 3p storage restrictions (#1518) from Ken Buchanan via GitHub on 2020-11-17 (public-webauthn@w3.org from November 2020)

From: Ken Buchanan via GitHub <sysbot+gh@w3.org>
Date: Tue, 17 Nov 2020 18:03:30 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-729103780-1605636209-sysbot+gh@w3.org>

It is also worth pointing out that tracking implications of WebAuthn availability in cross-origin iframes were discussed in issues #911 and #1336. Credentials are already user-identifying, so as @emlun mentions it isn't clear how largeBlob changes anything about the concerns raised there.

-- 
GitHub Notification of comment by kenrb
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1518#issuecomment-729103780 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Tuesday, 17 November 2020 18:03:32 UTC