[webauthn] Clarify authenticator behaviour when not implementing signature counter from Emil Lundberg via GitHub on 2018-07-25 (public-webauthn@w3.org from July 2018)

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Wed, 25 Jul 2018 12:51:35 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-344430253-1532523094-sysbot+gh@w3.org>

emlun has just created a new issue for https://github.com/w3c/webauthn:

== Clarify authenticator behaviour when not implementing signature counter ==
@herrjemand notes in PR #1003:

>[...] we previously said that if authenticator does not implement Counter, then there would be either MSB set to true, or the counter value is zero. Currently there is none of this mentions in Webauthn or CTAP2 specs. So we need to clarify this behaviour.

I agree we should clarify this: if the authenticator does not implement a signature counter, it should always set the signature count to zero. This will be a small change to the authenticator algorithms, but I argue that this is an editorial change since the RP operations already imply that this is the only possible implementation that RPs would accept.

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1008 using your GitHub account

Received on Wednesday, 25 July 2018 12:51:37 UTC