
Re: [webauthn] Sign counter alg 507

From: Akshay Kumar via GitHub <sysbot+gh@w3.org>
Date: Tue, 05 Sep 2017 00:26:54 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-327042729-1504571204-sysbot+gh@w3.org>
Regarding putting a U2F-specific section in the PR, I would put the RP signature verification section in the WebAuthn spec and let the platform deal with request/response interop in the CTAP spec. I feel the CTAP spec is closer to manipulating messages from CTAP request to U2F request and U2F response to CTAP response.

Regarding randomness in the signature, I would go for a new extension. 

Regarding the signature counter value itself, I feel that it is providing a replay attack value to the RP, but I kind of understand @agl's concerns too. I feel at this time, this needs more thought and should be separately dealt with in another PR.

-- 
GitHub Notification of comment by akshayku
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/539#issuecomment-327042729 using your GitHub account
Received on Tuesday, 5 September 2017 00:26:54 UTC
