W3C home > Mailing lists > Public > public-webauthn@w3.org > August 2017

Re: [webauthn] Sign counter alg 507

From: Adam Langley via GitHub <sysbot+gh@w3.org>
Date: Wed, 30 Aug 2017 01:12:43 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-325848822-1504055556-sysbot+gh@w3.org>
It would be nicer if the signature counter field were simply marked as opaque. That would allow tokens to randomize it, which some might wish to do in order that the signed message not be a constant for DPA reasons. As is it, the signature counter is a (small) privacy leak and, given the dubious security benefit, presents a larger risk than benefit in my opinion.

-- 
GitHub Notification of comment by agl
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/539#issuecomment-325848822 using your GitHub account
Received on Wednesday, 30 August 2017 01:12:39 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:27 UTC