W3C home > Mailing lists > Public > public-webauthn@w3.org > April 2018

Re: [webauthn] Delete per RP ID Signature counters

From: Rolf Lindemann via GitHub <sysbot+gh@w3.org>
Date: Wed, 25 Apr 2018 17:57:30 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-384377956-1524679049-sysbot+gh@w3.org>
I would be OK with 
a) explicitly mentioning per-credential signature counters.  This is NOT a breaking change IMHO as it would not affect the browser, the server or existing authenticators.  New authenticator could implement that scheme if they want.  I would also argue that implementing that is not explicitly disallowed today.
b) recommend ("should...") implementation of per-credential signature counters.

-- 
GitHub Notification of comment by rlin1
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/871#issuecomment-384377956 using your GitHub account
Received on Wednesday, 25 April 2018 17:57:36 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:32 UTC