- From: Adam Langley via GitHub <sysbot+gh@w3.org>
- Date: Wed, 15 Dec 2021 20:06:19 +0000
- To: public-webauthn@w3.org
The following commits were just pushed by agl to https://github.com/w3c/webauthn: * Tighten requirements for rejecting duplicate credential IDs. The existing wording suggests rejecting registrations with duplicate credential IDs, but says that sites may replace the record if they wish. But accidential duplicate credential IDs aren't worth worrying about and it's safer to always reject duplicates. Include a note with the reasoning so that sites who don't want to do this check can at least think about the implications. Fixes #1679 by Adam Langley https://github.com/w3c/webauthn/commit/eafdd20b1ef30d09c2588df150b6db67bd925cb9 * Apply Jeff's suggestion Co-authored-by: Lucas Garron <code@garron.net> by Adam Langley https://github.com/w3c/webauthn/commit/7038a5c9486c0341b810671433be6a1cc7ffab8a * Address Lucas and Emil's comments by Adam Langley https://github.com/w3c/webauthn/commit/acf471c691d6ddade93b718a7470a1805b9c6c11 * Apply Jeff's change Co-authored-by: =JeffH <jdhodges@google.com> by Adam Langley https://github.com/w3c/webauthn/commit/eae134f8596844b88f9804437441ee0a3de52ea0 * Apply Jeff's change Co-authored-by: =JeffH <jdhodges@google.com> by Adam Langley https://github.com/w3c/webauthn/commit/a15438be35a08f6fb7f4c797895aea23088a3e0d * Merge pull request #1680 from agl/noselfsign Tighten requirements for rejecting duplicate credential IDs. by Adam Langley https://github.com/w3c/webauthn/commit/1ed258fc0f27efe39f0d548c60a9eb6dcf9fa374 -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 15 December 2021 20:06:21 UTC