Re: [webauthn] Make signature counters a MAY ? (#1590)

If anything the language around counter handling could be tightened up. For example 

> This is a signal that the authenticator may be cloned, i.e. at least two copies of the credential private key may exist and are being used in parallel. Relying Parties should incorporate this information into their risk scoring. Whether the Relying Party updates storedSignCount in this case, or not, or fails the authentication ceremony or not, is Relying Party-specific.

Here, the risk is that people may store the sign count in the situation it has stepped backwards. The greater risk is that when signCount < storedSignCount, if the signCount was tampered with and set to 0, and the RP then persisted that then there is a risk that counter may not be checked again in the future. 

I think if anything, the language in this section could be improved to state that it is *not* recommended to store a sign count when it goes backwards. But the signCount is a useful check. 

GitHub Notification of comment by Firstyear
Please view or discuss this issue at using your GitHub account

Sent via github-notify-ml as configured in

Received on Wednesday, 31 March 2021 22:47:15 UTC