- From: Adam Langley via GitHub <sysbot+gh@w3.org>
- Date: Wed, 30 Aug 2017 01:12:43 +0000
- To: public-webauthn@w3.org
It would be nicer if the signature counter field were simply marked as opaque. That would allow tokens to randomize it, which some might wish to do in order that the signed message not be a constant for DPA reasons. As is it, the signature counter is a (small) privacy leak and, given the dubious security benefit, presents a larger risk than benefit in my opinion. -- GitHub Notification of comment by agl Please view or discuss this issue at https://github.com/w3c/webauthn/pull/539#issuecomment-325848822 using your GitHub account
Received on Wednesday, 30 August 2017 01:12:39 UTC