- From: John Bradley via GitHub <sysbot+gh@w3.org>
- Date: Thu, 01 Apr 2021 15:42:54 +0000
- To: public-webauthn@w3.org

Servers need to support counters for authenticators that implement them. We may need to clean up the language for the servers so that they don't allow the counter to be reset to 0. Though I always anticipated that if the counter is 10 and the server gets the next assertion with a counter of 0 that the credential would be invalidated and the new counter not stored. The counter may not be a perfect detector of cloning but is the best we have. The challenge should be used to detect replay, not the counter.

--
GitHub Notification of comment by ve7jtb
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1590#issuecomment-811996039 using your GitHub account

--
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Thursday, 1 April 2021 15:42:56 UTC
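
Added example, not part of the original message or of any project's code: a relying-party counter check that applies the policy described in the comment above (a non-increasing counter invalidates the credential and the received value is not stored). The `StoredCredential` record, the function names and the result strings are hypothetical, and the sample authenticator data is constructed; the check is assumed to run only after the signature and challenge have already been verified.

```python
import struct
from dataclasses import dataclass

# WebAuthn authenticator data starts with:
#   rpIdHash (32 bytes) | flags (1 byte) | signCount (4 bytes, big-endian)
HEADER_LEN = 37


@dataclass
class StoredCredential:  # hypothetical server-side record
    sign_count: int
    revoked: bool = False


def parse_sign_count(auth_data: bytes) -> int:
    """Extract the 32-bit signature counter from raw authenticator data."""
    if len(auth_data) < HEADER_LEN:
        raise ValueError("authenticator data too short")
    return struct.unpack(">I", auth_data[33:37])[0]


def check_counter(cred: StoredCredential, auth_data: bytes) -> str:
    """Return 'accepted', 'possible-clone' or 'rejected' (hypothetical labels)."""
    if cred.revoked:
        return "rejected"
    received = parse_sign_count(auth_data)
    # Both zero: the authenticator does not implement a counter.
    if received == 0 and cred.sign_count == 0:
        return "accepted"
    if received > cred.sign_count:
        cred.sign_count = received
        return "accepted"
    # Equal or lower, including a reset to 0: do NOT store the new value,
    # otherwise a cloned authenticator could restart the sequence.
    cred.revoked = True
    return "possible-clone"


def make_auth_data(count: int) -> bytes:
    """Constructed sample: zeroed rpIdHash, flags UP|UV, given counter."""
    return bytes(32) + b"\x05" + struct.pack(">I", count)
```
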