W3C home > Mailing lists > Public > public-webauthn@w3.org > September 2017

Re: [webauthn] Sign counter alg 507

From: Rolf Lindemann via GitHub <sysbot+gh@w3.org>
Date: Fri, 08 Sep 2017 07:47:42 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-328028179-1504856852-sysbot+gh@w3.org>
One more comment on the counter:
There is one counter instance in the authenticator and according to the U2F spec the U2F authenticators shall initialize the counter with 0.
Further the U2F spec say (with regard to the counter, see https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/fido-u2f-raw-message-formats-v1.2-ps-20170411.html#authentication-response-message-success):
"This is the big-endian representation of a counter value that the U2F token increments every time it performs an authentication operation"

This sounds to me like a U2F Authenticator (supporting the counter) will never return a counter with value 0. Since the counter is only included in the signature assertion (as result to the first authentication operation).  
But it is true, the U2F is not precise one whether to do the counter imcrement *before* generating the to-be-signed object or *after* it.

So reading the U2F specs I would not expect a signature assertion to contain a counter value of 0 (if the authenticator supports the counter).  
Please correct me if I am wrong.

GitHub Notification of comment by rlin1
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/539#issuecomment-328028179 using your GitHub account
Received on Friday, 8 September 2017 07:47:40 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:27 UTC