Re: [webauthn] Delete per RP ID Signature counters from Rolf Lindemann via GitHub on 2018-04-25 (public-webauthn@w3.org from April 2018)

From: Rolf Lindemann via GitHub <sysbot+gh@w3.org>
Date: Wed, 25 Apr 2018 17:57:30 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-384377956-1524679049-sysbot+gh@w3.org>

I would be OK with 
a) explicitly mentioning per-credential signature counters.  This is NOT a breaking change IMHO as it would not affect the browser, the server or existing authenticators.  New authenticator could implement that scheme if they want.  I would also argue that implementing that is not explicitly disallowed today.
b) recommend ("should...") implementation of per-credential signature counters.

-- 
GitHub Notification of comment by rlin1
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/871#issuecomment-384377956 using your GitHub account

Received on Wednesday, 25 April 2018 17:57:36 UTC