W3C home > Mailing lists > Public > public-webauthn@w3.org > September 2017

Re: [webauthn] Sign counter alg 507

From: Jakob Ehrensvard via GitHub <sysbot+gh@w3.org>
Date: Mon, 04 Sep 2017 00:45:09 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-326843309-1504485899-sysbot+gh@w3.org>
Just a comment - counter value 0 is actually valid so 'null' has to be something else here, such as -1 (0xffffffff)

If we should consider changing this scheme, bit 31 (MSB) could potentially be used. If that is set, the lower 31 bits (b0..b30) do not represent a monotonic counter. The authenticator can then insert whatever it wants in the lower bits, such as a randomized nonce.

GitHub Notification of comment by jehrensvard
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/539#issuecomment-326843309 using your GitHub account
Received on Monday, 4 September 2017 00:45:08 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:27 UTC