W3C home > Mailing lists > Public > public-webauthn@w3.org > November 2021

[webauthn] Pull Request: Tighten requirements for rejecting duplicate credential IDs.

From: Adam Langley via GitHub <sysbot+gh@w3.org>
Date: Fri, 05 Nov 2021 21:38:00 +0000
To: public-webauthn@w3.org
Message-ID: <pull_request.opened-774602236-1636148279-sysbot+gh@w3.org>
agl has just submitted a new pull request for https://github.com/w3c/webauthn:

== Tighten requirements for rejecting duplicate credential IDs. ==
The existing wording suggests rejecting registrations with duplicate
credential IDs, but says that sites may replace the record if they wish.
But accidential duplicate credential IDs aren't worth worrying about and
it's safer to always reject duplicates.

Include a note with the reasoning so that sites who don't want to do
this check can at least think about the implications.

Fixes #1679

See https://github.com/w3c/webauthn/pull/1680


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Friday, 5 November 2021 21:38:02 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:44 UTC