Re: [webauthn] How to guarantee created resident key is actually received by RP in adverse networking conditions? (#2038) from Arian van Putten via GitHub on 2024-03-26 (public-webauthn@w3.org from March 2024)

From: Arian van Putten via GitHub <sysbot+gh@w3.org>
Date: Tue, 26 Mar 2024 10:52:13 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-2020109120-1711450331-sysbot+gh@w3.org>

Is there any way for RPs to protect themselves against misbehaving authenticators that ignore `excludeCredentials` like safari? Because now this problem is even more bad. I can get complete account lockout on an existing account if I disconnect my wifi whilst registering a passkey.

-- 
GitHub Notification of comment by arianvp
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2038#issuecomment-2020109120 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Tuesday, 26 March 2024 10:52:14 UTC