W3C home > Mailing lists > Public > public-webauthn@w3.org > December 2021

[webauthn] new commits pushed by agl

From: Adam Langley via GitHub <sysbot+gh@w3.org>
Date: Wed, 15 Dec 2021 20:06:19 +0000
To: public-webauthn@w3.org
Message-ID: <push-1ed258fc0f27efe39f0d548c60a9eb6dcf9fa374-1639598777-sysbot+gh@w3.org>

The following commits were just pushed by agl to https://github.com/w3c/webauthn:

* Tighten requirements for rejecting duplicate credential IDs.

The existing wording suggests rejecting registrations with duplicate
credential IDs, but says that sites may replace the record if they wish.
But accidential duplicate credential IDs aren't worth worrying about and
it's safer to always reject duplicates.

Include a note with the reasoning so that sites who don't want to do
this check can at least think about the implications.

Fixes #1679
  by Adam Langley
https://github.com/w3c/webauthn/commit/eafdd20b1ef30d09c2588df150b6db67bd925cb9

* Apply Jeff's suggestion

Co-authored-by: Lucas Garron <code@garron.net>
  by Adam Langley
https://github.com/w3c/webauthn/commit/7038a5c9486c0341b810671433be6a1cc7ffab8a

* Address Lucas and Emil's comments
  by Adam Langley
https://github.com/w3c/webauthn/commit/acf471c691d6ddade93b718a7470a1805b9c6c11

* Apply Jeff's change

Co-authored-by: =JeffH <jdhodges@google.com>
  by Adam Langley
https://github.com/w3c/webauthn/commit/eae134f8596844b88f9804437441ee0a3de52ea0

* Apply Jeff's change

Co-authored-by: =JeffH <jdhodges@google.com>
  by Adam Langley
https://github.com/w3c/webauthn/commit/a15438be35a08f6fb7f4c797895aea23088a3e0d

* Merge pull request #1680 from agl/noselfsign

Tighten requirements for rejecting duplicate credential IDs.
  by Adam Langley
https://github.com/w3c/webauthn/commit/1ed258fc0f27efe39f0d548c60a9eb6dcf9fa374



-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 15 December 2021 20:06:21 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:45 UTC