[webauthn] Describe attacks on privacy that are allowed/prevented from Jeffrey Yasskin via GitHub on 2017-03-15 (public-webauthn@w3.org from March 2017)

From: Jeffrey Yasskin via GitHub <sysbot+gh@w3.org>
Date: Wed, 15 Mar 2017 15:43:46 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-214432678-1489592624-sysbot+gh@w3.org>

jyasskin has just created a new issue for https://github.com/w3c/webauthn:

== Describe attacks on privacy that are allowed/prevented ==
Several issues and proposed changes are motivated by privacy concerns, but I don't see a list of what private information we want to expose vs keep hidden. For example, attestation implies that we want to expose the brand of authenticator the user owns, and parts of #379 imply that we want to be able to hide that the user's hardware supports authentication until they consent.

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/382 using your GitHub account

Received on Wednesday, 15 March 2017 15:43:52 UTC