W3C home > Mailing lists > Public > public-webauthn@w3.org > December 2021

[w3c/webauthn] eafdd2: Tighten requirements for rejecting duplicate crede...

From: Adam Langley <noreply@github.com>
Date: Wed, 15 Dec 2021 12:06:29 -0800
To: public-webauthn@w3.org
Message-ID: <w3c/webauthn/push/refs/heads/main/92a229-1ed258@github.com>
  Branch: refs/heads/main
  Home:   https://github.com/w3c/webauthn
  Commit: eafdd20b1ef30d09c2588df150b6db67bd925cb9
      https://github.com/w3c/webauthn/commit/eafdd20b1ef30d09c2588df150b6db67bd925cb9
  Author: Adam Langley <agl@imperialviolet.org>
  Date:   2021-11-05 (Fri, 05 Nov 2021)

  Changed paths:
    M index.bs

  Log Message:
  -----------
  Tighten requirements for rejecting duplicate credential IDs.

The existing wording suggests rejecting registrations with duplicate
credential IDs, but says that sites may replace the record if they wish.
But accidential duplicate credential IDs aren't worth worrying about and
it's safer to always reject duplicates.

Include a note with the reasoning so that sites who don't want to do
this check can at least think about the implications.

Fixes #1679


  Commit: 7038a5c9486c0341b810671433be6a1cc7ffab8a
      https://github.com/w3c/webauthn/commit/7038a5c9486c0341b810671433be6a1cc7ffab8a
  Author: Adam Langley <agl@imperialviolet.org>
  Date:   2021-11-19 (Fri, 19 Nov 2021)

  Changed paths:
    M index.bs

  Log Message:
  -----------
  Apply Jeff's suggestion

Co-authored-by: Lucas Garron <code@garron.net>


  Commit: acf471c691d6ddade93b718a7470a1805b9c6c11
      https://github.com/w3c/webauthn/commit/acf471c691d6ddade93b718a7470a1805b9c6c11
  Author: Adam Langley <agl@imperialviolet.org>
  Date:   2021-11-19 (Fri, 19 Nov 2021)

  Changed paths:
    M index.bs

  Log Message:
  -----------
  Address Lucas and Emil's comments


  Commit: eae134f8596844b88f9804437441ee0a3de52ea0
      https://github.com/w3c/webauthn/commit/eae134f8596844b88f9804437441ee0a3de52ea0
  Author: Adam Langley <agl@imperialviolet.org>
  Date:   2021-12-01 (Wed, 01 Dec 2021)

  Changed paths:
    M index.bs

  Log Message:
  -----------
  Apply Jeff's change

Co-authored-by: =JeffH <jdhodges@google.com>


  Commit: a15438be35a08f6fb7f4c797895aea23088a3e0d
      https://github.com/w3c/webauthn/commit/a15438be35a08f6fb7f4c797895aea23088a3e0d
  Author: Adam Langley <agl@imperialviolet.org>
  Date:   2021-12-01 (Wed, 01 Dec 2021)

  Changed paths:
    M index.bs

  Log Message:
  -----------
  Apply Jeff's change

Co-authored-by: =JeffH <jdhodges@google.com>


  Commit: 1ed258fc0f27efe39f0d548c60a9eb6dcf9fa374
      https://github.com/w3c/webauthn/commit/1ed258fc0f27efe39f0d548c60a9eb6dcf9fa374
  Author: Adam Langley <agl@google.com>
  Date:   2021-12-15 (Wed, 15 Dec 2021)

  Changed paths:
    M index.bs

  Log Message:
  -----------
  Merge pull request #1680 from agl/noselfsign

Tighten requirements for rejecting duplicate credential IDs.


Compare: https://github.com/w3c/webauthn/compare/92a2295b0895...1ed258fc0f27
Received on Wednesday, 15 December 2021 20:06:41 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:45 UTC