- From: sen via GitHub <sysbot+gh@w3.org>
- Date: Fri, 23 Aug 2024 05:06:40 +0000
- To: public-webauthn@w3.org
From the perspective of decentralized network user authentication, the /.well-known/webauthn file is like providing hackers with a complete target list. Therefore, it is hoped that from the "PublicKeyCredentialCreationOptions" before creating credentials at registration, it can be defined whether origin verification is required. If it is not required, the browser should be informed that any domain can pass the verification. The right to publicly disclose the origins list should be entrusted to the users who make use of it, and hopes that it will be given due attention. -- GitHub Notification of comment by supersensen Please view or discuss this issue at https://github.com/w3c/webauthn/pull/2040#issuecomment-2306300961 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Friday, 23 August 2024 05:06:40 UTC