- From: bigradish via GitHub <sysbot+gh@w3.org>
- Date: Fri, 27 Dec 2024 02:57:51 +0000
- To: public-webauthn@w3.org
Yes, this is exactly what I want. Why is this a problem? Ought not an RP know this situation? Could you give a use case to prove this is bad? ________________________________ 发件人: Shane Weeden ***@***.***> 发送时间: 2024年12月27日 10:48 收件人: w3c/webauthn ***@***.***> 抄送: bigradish ***@***.***>; Author ***@***.***> 主题: Re: [w3c/webauthn] Add a method to get all the credentials for a rely party on the client device to support the rely party (website) to limit the number of accounts a user can register (Issue #2222) Hi, thank you for your answers. I use pure passkeys to let users register on my site, and hope passkeys can be good at limiting the number of the accounts a user can register. Yes, I mean credential enumeration. I think as a rely party can only get its own credentials, this will not cause bad problems. Do you think so? This is very much a problem since the RP could now tell that the same human owned those multiple accounts. ― Reply to this email directly, view it on GitHub<https://github.com/w3c/webauthn/issues/2222#issuecomment-2563257360>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/ABBYBYORYJG7O5R6PXMAZ3T2HS5WZAVCNFSM6AAAAABUH3OWDGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDKNRTGI2TOMZWGA>. You are receiving this because you authored the thread.Message ID: ***@***.***> -- GitHub Notification of comment by bigradish Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2222#issuecomment-2563261917 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Friday, 27 December 2024 02:57:52 UTC