Re: [webauthn] impl guidelines for signature counter

In implementation considerations 2.6 the counter should start at 0.

In the limited tests I can do with the uninitialized key I have it send one for the first authentication but I am guessing that just happened to be one vendors implementation.

A key sending 0 would be perfectly valid according to my reading of the spec, and I would probably have interpreted it that way.  

I think the better solution is to ignore all negative numbers in verification as those don't support a counter.   That lets people use a negative random value to protect against power analysis if they want, and it will be ignored by the verifier.   Basically Jakobs proposal.

GitHub Notification of comment by ve7jtb
Please view or discuss this issue at using your GitHub account

Received on Friday, 8 September 2017 16:48:47 UTC