- From: Firstyear via GitHub <noreply@w3.org>
- Date: Mon, 27 Oct 2025 23:33:39 +0000
- To: public-webauthn@w3.org

I wonder if this would be vulnerable to a denial of service? Say that I have a site `https://naughty.server.com` and then I do a related origin request/condition create or whatever combo we are talking about here, then I could potentially replace the user's passkeys.

I think consideration of malicious actors is needed here. There needs to be some kind of verifiable linkage between the old origin and the new origin you plan to recreate under.

--
GitHub Notification of comment by Firstyear
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2350#issuecomment-3453774454 using your GitHub account

--
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Monday, 27 October 2025 23:33:40 UTC