Re: [webauthn] Delete per RP ID Signature counters

I would be OK with 
a) explicitly mentioning per-credential signature counters.  This is NOT a breaking change IMHO as it would not affect the browser, the server or existing authenticators.  New authenticator could implement that scheme if they want.  I would also argue that implementing that is not explicitly disallowed today.
b) recommend ("should...") implementation of per-credential signature counters.

GitHub Notification of comment by rlin1
Please view or discuss this issue at using your GitHub account

Received on Wednesday, 25 April 2018 17:57:36 UTC