Re: [webauthn] Give each authenticator a GUID and add an option to CredentialsContainer: create method to return this GUID if user permits (#2263) from Matthew Miller via GitHub on 2025-02-21 (public-webauthn@w3.org from February 2025)

From: Matthew Miller via GitHub <sysbot+gh@w3.org>
Date: Fri, 21 Feb 2025 03:38:42 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-2673321827-1740109121-sysbot+gh@w3.org>

This proposal seems very similar to what Device Public Key (DPK) aimed to be. If you weren't here for that, DPK was basically an additional, attestable pseudonymous device-bound keypair that could be returned during registration and authentication to help RPs understand when they'd seen a device before.

For numerous reasons related to potential user privacy issues and RP misuse, DPK never took off. The WebAuthn community has collectively moved on from DPK to work on other, better signals that have less risk of negatively impacting the user's experience.

-- 
GitHub Notification of comment by MasterKale
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2263#issuecomment-2673321827 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Friday, 21 February 2025 03:38:43 UTC