W3C home > Mailing lists > Public > public-webauthn@w3.org > February 2021

Re: [webauthn] Prevent browsers from deleting "server-side credentials" for the RP (#1569)

From: Lucas Garron via GitHub <sysbot+gh@w3.org>
Date: Tue, 09 Feb 2021 04:15:35 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-775649882-1612844134-sysbot+gh@w3.org>
One not-so-crazy option would be to recommend that RPs with existing security key user handles generate a second user handle to be used for passwordless registrations (and maybe a third for usernameless registrations, if that's not covered by "passwordless"?). However, this seems like a rather annoying responsibility to heap on RPs when it could be fixed at the spec or browser level.

GitHub Notification of comment by lgarron
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1569#issuecomment-775649882 using your GitHub account

Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Tuesday, 9 February 2021 04:15:37 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 9 February 2021 04:15:38 UTC