- From: Adam Langley via GitHub <sysbot+gh@w3.org>
- Date: Wed, 15 Dec 2021 20:06:19 +0000
- To: public-webauthn@w3.org
agl has just merged agl's pull request 1680 for https://github.com/w3c/webauthn:
== Tighten requirements for rejecting duplicate credential IDs. ==
The existing wording suggests rejecting registrations with duplicate
credential IDs, but says that sites may replace the record if they wish.
But accidential duplicate credential IDs aren't worth worrying about and
it's safer to always reject duplicates.
Include a note with the reasoning so that sites who don't want to do
this check can at least think about the implications.
Fixes #1679
<!--
This comment and the below content is programatically generated.
You may add a comma-separated list of anchors you'd like a
direct link to below (e.g. #idl-serializers, #idl-sequence):
Don't remove this comment or modify anything below this line.
If you don't want a preview generated for this pull request,
just replace the whole of this comment's content by "no preview"
and remove what's below.
-->
***
<a href="https://pr-preview.s3.amazonaws.com/agl/webauthn/pull/1680.html" title="Last updated on Dec 1, 2021, 8:13 PM UTC (eae134f)">Preview</a> | <a href="https://pr-preview.s3.amazonaws.com/w3c/webauthn/1680/a4b80ad...agl:eae134f.html" title="Last updated on Dec 1, 2021, 8:13 PM UTC (eae134f)">Diff</a>
See https://github.com/w3c/webauthn/pull/1680
--
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 15 December 2021 20:06:21 UTC