Re: [webauthn] Fix #1285 - Remove icons from PublicKeyCredentialEntity (#1337)

> As discussed in issue #1285, the image URL fields for PublicKeyCredentialEntity, while intended for user interface design, are potent correlation mechanisms if they are downloaded by RPs. RPs would have to take extraordinary care, beyond reasonable measures, to avoid uses by RPs with mal-intent to cross-correlate accounts. It is better for User Agents to use existing origin/icon mechanisms for their UX designs, or to define new such mechanisms as needed, that are origin-wide rather than provide the possibility to embed detailed tracking information into these URLs.
> 
> [Preview](https://pr-preview.s3.amazonaws.com/jcjones/webauthn/pull/1337.html) | [Diff](https://pr-preview.s3.amazonaws.com/w3c/webauthn/1337/03f8406...jcjones:dbcf596.html)



-- 
GitHub Notification of comment by jonesEric
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/1337#issuecomment-1193399471 using your GitHub account


Received on Sunday, 24 July 2022 21:44:03 UTC