- From: Ackermann Yuriy via GitHub <sysbot+gh@w3.org>
- Date: Fri, 07 Feb 2025 10:40:04 +0000
- To: public-webauthn@w3.org

@bigradish That would disclose privacy sensitive information, as well as won't solve anything else. User can have multiple passkey providers. Each would have to ask for user consent, or you will have limited scope, one password manager. User can as well export credential, delete it, register, re-import. Or user can use a custom credential provider. Or passkey manager decides to lie because of privacy. And again, this does not solve the issue of non-discoverable credentials, and security keys. And lastly, what if the same laptop is used by both wife and husband? In that case you would stop husband from registering?

So to summarise:

- Technically difficult (or impossible)
- Privacy horrible
- Easily bypassed
- Effectiveness little
- Value, little.

If you want to prevent users re-registering, aka ensure user uniqueness, aka personhood, KYC like iProve can solve it much better. Again, webauthn is a tool for generating assertions, not account management and enforcement police.

--
GitHub Notification of comment by yackermann
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2255#issuecomment-2642555565 using your GitHub account

--
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Friday, 7 February 2025 10:40:05 UTC