Re: [webauthn] Sign counter alg 507

From: Adam Langley via GitHub <sysbot+gh@w3.org>
Date: Fri, 08 Sep 2017 19:07:30 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-328188990-1504897640-sysbot+gh@w3.org>

> In this case, we will have to define a different value for "counter not supported". It could be -1=ffffffff

Are you sure? For the initial signature from a token, the counter can be zero even though a counter is supported. However, special handling is still needed in this case because, obviously, the expected counter value cannot be less than zero.

I believe the existing wording will cover this:

> If the [=signature counter=] value |adata|.|signCount| is nonzero or the value stored in conjunction with |credential|'s {{Credential/id}} attribute is nonzero, then set |signatureCounterSupported| to true.

So `signCount` and the stored value will both be zero and `signatureCounterSupported` will be false for the initial signature.

However, for a subsequent signature, `signCount` will be 1 and so `signatureCounterSupported` will be true and, since 1 > 0, everything will work, the stored value will be updated and thus a zero counter will not be accepted in the future.

-- 
GitHub Notification of comment by agl
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/539#issuecomment-328188990 using your GitHub account
Received on Friday, 8 September 2017 19:07:24 UTC
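
The counter handling described in the message above, run over two constructed sequences of reported counters (a counting authenticator and one that always reports zero). This is an added example, not part of the original message or of the specification text; the function and field names are hypothetical, and rejecting an assertion whose counter did not increase is an assumed relying-party policy.

```javascript
// Added example: sign-counter check following the wording quoted in the message.
// checkSignCount and replay are hypothetical names, not spec or library APIs.

function checkSignCount(storedCount, signCount) {
  // "Supported" once either the reported or the stored value is nonzero.
  const signatureCounterSupported = signCount !== 0 || storedCount !== 0;
  if (!signatureCounterSupported) {
    // Both zero: the initial signature, or an authenticator that never counts.
    return { signatureCounterSupported, accepted: true, storedCount };
  }
  if (signCount > storedCount) {
    // Counter advanced: accept and update the stored value.
    return { signatureCounterSupported, accepted: true, storedCount: signCount };
  }
  // Counter did not advance (assumed policy: reject; the stored value is kept).
  return { signatureCounterSupported, accepted: false, storedCount };
}

// Apply a sequence of reported counters to one credential record.
function replay(signCounts) {
  let stored = 0; // constructed: value stored with the credential id at registration
  return signCounts.map((signCount) => {
    const r = checkSignCount(stored, signCount);
    stored = r.storedCount;
    return {
      signCount,
      supported: r.signatureCounterSupported,
      accepted: r.accepted,
      stored,
    };
  });
}

// Constructed sequences: 0 (initial), 1, a later 0, 2, then a repeated 2.
const counting = replay([0, 1, 0, 2, 2]);
// Constructed sequence for an authenticator that always reports zero.
const nonCounting = replay([0, 0, 0]);

console.log(counting);
console.log(nonCounting);
```
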