W3C home > Mailing lists > Public > public-webauthn@w3.org > August 2017

Re: [webauthn] Consider allowing authenticators to randomise signed hashes.

From: Rolf Lindemann via GitHub <sysbot+gh@w3.org>
Date: Tue, 29 Aug 2017 07:45:29 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-325582425-1503992720-sysbot+gh@w3.org>
When receiving a signatureCounter, the relying party should 
a) compare that the value is greater than the previously stored one and
b) store the new value.

When putting random data in the field, the RP would have to understand when to ignore the counter value.  
This makes it more complicated for the RP.

I propose to close this issue as won't fix.

-- 
GitHub Notification of comment by rlin1
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/453#issuecomment-325582425 using your GitHub account
Received on Tuesday, 29 August 2017 07:45:26 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:27 UTC