W3C home > Mailing lists > Public > public-webauthn@w3.org > September 2017

Re: [webauthn] Sign counter alg 507

From: Adam Langley via GitHub <sysbot+gh@w3.org>
Date: Sat, 09 Sep 2017 19:02:03 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-328297124-1504983712-sysbot+gh@w3.org>
> are you saying that the current validation rule of ignoring the counter if the current value is 0 and the previous value is unset or 0 is fine?

I don't believe that I've heard anyone mention anything that would conflict with that.

> I think actually using time_t would defeat the purpose of the anti cloning

Absolutely. You might as well just disable the counter and save yourself the bother of a clock.

-- 
GitHub Notification of comment by agl
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/539#issuecomment-328297124 using your GitHub account
Received on Saturday, 9 September 2017 19:01:58 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:27 UTC