
Re: [webauthn] Sign counter alg 507

From: Akshay Kumar via GitHub <sysbot+gh@w3.org>
Date: Tue, 05 Sep 2017 00:26:54 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-327042729-1504571204-sysbot+gh@w3.org>
Regarding putting a U2F-specific section in the PR, I would put the RP signature verification section in the WebAuthn spec and let the platform deal with request/response interop in the CTAP spec. I feel the CTAP spec is closer to manipulating messages from CTAP request to U2F request and U2F response to CTAP response.

Regarding randomness in the signature, I would go for a new extension. 

Regarding the signature counter value itself, I feel that it is providing a replay attack value to the RP, but I kind of understand @agl's concerns too. I feel that at this time this needs more thought and should be dealt with separately in another PR.

GitHub Notification of comment by akshayku
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/539#issuecomment-327042729 using your GitHub account
Received on Tuesday, 5 September 2017 00:26:54 UTC
