Re: [webauthn] Cross-origin credential creation in iframes (#1656) from Rouslan Solomakhin via GitHub on 2021-08-04 (public-webauthn@w3.org from August 2021)

From: Rouslan Solomakhin via GitHub <sysbot+gh@w3.org>
Date: Wed, 04 Aug 2021 19:41:52 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-892924017-1628106110-sysbot+gh@w3.org>

> getting an assertion through an iframe is not as problematic - as long as we have ethical Issuers and Merchants/PSPs.

@arshadnoor - Out of curiosity, what kind of attacks on FIDO/WebAuth become available with unethical issuers, merchants, and PSPs or in 3rd party contexts?

-- 
GitHub Notification of comment by rsolomakhin
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1656#issuecomment-892924017 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 4 August 2021 19:41:53 UTC