- From: Akshay Kumar via GitHub <sysbot+gh@w3.org>
- Date: Wed, 30 Aug 2017 22:04:55 +0000
- To: public-webauthn@w3.org
@agl/@rlin1 I see the value for signature counts and I think it is providing value in replay attacks and against the proposal of removing this field. Regarding Nonce, I think it has some value especially in case of RSA signatures. I don't see its value as much for ECC signatues. The most natural spot for this, IMO, is the extensions section of authenticatorData. I am proposing extensions sections and I believe this is not applicable in all the cases, some authenticators may not want/need to generate random number every time and can be optional. -- GitHub Notification of comment by akshayku Please view or discuss this issue at https://github.com/w3c/webauthn/pull/539#issuecomment-326132555 using your GitHub account
Received on Wednesday, 30 August 2017 22:04:51 UTC