Re: [webauthn] Give each authenticator a GUID and add an option to CredentialsContainer: create method to return this GUID if user permits (#2263) from Firstyear via GitHub on 2025-02-21 (public-webauthn@w3.org from February 2025)

From: Firstyear via GitHub <sysbot+gh@w3.org>
Date: Fri, 21 Feb 2025 05:01:41 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-2673453249-1740114099-sysbot+gh@w3.org>

Authenticator GUID is the same as AAGUID. 

There is no Authenticator UUID that you want.

You can not fingerprint unique webauthn authenticators.

What you want to achieve is *not possible*. I will not say it again. 

If you want to limit account sign ups you need to do it using *other mechanisms*. Stop trying to abuse webauthn to achieve it.

End of story. 

-- 
GitHub Notification of comment by Firstyear
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2263#issuecomment-2673453249 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Friday, 21 February 2025 05:01:42 UTC