W3C home > Mailing lists > Public > public-webauthn@w3.org > November 2020

Re: [webauthn] largeBlob storage extension can be used to bypass 3p storage restrictions (#1518)

From: Nick Steele via GitHub <sysbot+gh@w3.org>
Date: Wed, 18 Nov 2020 21:04:15 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-729952275-1605733452-sysbot+gh@w3.org>
As @kenrb said, credentials are already user-identifying. If a 3rd party already has that, then they don't need `largeBlob` to identify the user. 

GitHub Notification of comment by nicksteele
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1518#issuecomment-729952275 using your GitHub account

Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 18 November 2020 21:04:22 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 18 November 2020 21:04:22 UTC