- From: Jakob Ehrensvard via GitHub <sysbot+gh@w3.org>
- Date: Fri, 08 Sep 2017 22:51:53 +0000
- To: public-webauthn@w3.org
I recall someone (could it be Intel ?) considered using something like a 32-bit time_t value for the "counter" and we had a meta-discussion some time back what the strict interpretation of "monotonic" was. Instead of providing a monotonically incrementing counter, the current timestamp is used instead. It does indeed provides "ever increasing numbers". Obviously, a U2F device will never ever be able to create a counter value even close to to a million or so (assuming silent authentication is potentially used). So just using the lower 31 bits seems sensible to me (implicitly allowing for the value 0x00000000). I don't understand the notation of negative counter values. A counter starting at 0 cannot possibly be seen as monotonic if it's considered to be allowed to wrap into negative numbers (reaching 0x7fffffff). The value is a 32-bit unsigned number. We simply postulated in U2F that 16-bits was too low (64k) for the lifetime of a token and therefore went with a 32-bit value. Problem solved. So, if the time_t approach was seen as legitimate, we'll get values with MSB set by now. -- GitHub Notification of comment by jehrensvard Please view or discuss this issue at https://github.com/w3c/webauthn/pull/539#issuecomment-328231832 using your GitHub account
Received on Friday, 8 September 2017 22:51:54 UTC