Re: [webauthn] §6.1.1. Signature Counter Considerations does not explicitly mention constant-zero case (#1734) from Matthew Miller via GitHub on 2022-05-27 (public-webauthn@w3.org from May 2022)

From: Matthew Miller via GitHub <sysbot+gh@w3.org>
Date: Fri, 27 May 2022 15:09:55 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-1139708898-1653664194-sysbot+gh@w3.org>

Should we also consider offering advice to RP's on what to do if an authenticator _stops_ providing a non-zero counter in subsequent authentications? Touch ID registered via Chrome on macOS used to return responses with (atomic?) timestamps for a counter, but now those kinds of responses return `0`. I think Chrome only returns zeroes now so perhaps it's less of an issue, but that's not to say this scenario can't play out again with future authenticators.

-- 
GitHub Notification of comment by MasterKale
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1734#issuecomment-1139708898 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Friday, 27 May 2022 15:09:57 UTC