- From: philomathic_life via GitHub <sysbot+gh@w3.org>
- Date: Wed, 09 Oct 2024 19:35:10 +0000
- To: public-webauthn@w3.org
> What types of RP use cases is this updated verbiage intended to address? I can only think of convoluted scenarios like "a single passkey used by multiple users across multiple kiosks not syncing counter state" that this might unblock.

See the [linked issue](https://github.com/w3c/webauthn/issues/2172#issuecomment-2389702728).

> But otherwise why would we weaken the counter check like this?

Not sure I agree that this "weakens the counter check". No changes are made to the recommendation that an RP SHOULD fail the ceremony. This provides an example of a situation that RPs are welcome to ignore no differently than the possibility of a faulty authenticator which I don't believe "weakens" the counter check either.

An eager user can log in on multiple devices using the same credential before the first ceremony is actually complete. The path data sent from one client takes may be encumbered with issues that data sent from another does not encounter, allowing a "later" response to actually be received or at least processed before the "earlier" response.

--
GitHub Notification of comment by zacknewman
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/2176#issuecomment-2403286615 using your GitHub account

--
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 9 October 2024 19:35:11 UTC
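
The out-of-order case described in the comment above, as an added example that is not part of the original message or of the WebAuthn specification text: a minimal relying-party counter check fed the same two counter values in both processing orders. `CredentialRecord`, `check_sign_count` and `process` are hypothetical names, and the counter values are constructed.

```python
from dataclasses import dataclass


@dataclass
class CredentialRecord:
    sign_count: int  # last signature counter the RP stored for this credential


def check_sign_count(record: CredentialRecord, received: int) -> bool:
    """Return True if the ceremony passes the counter check.

    A counter that is not greater than the stored value is treated as a
    possible-clone signal, and this RP follows the SHOULD and fails it.
    """
    if received == 0 and record.sign_count == 0:
        return True  # authenticator does not implement a counter
    if received > record.sign_count:
        record.sign_count = received  # accept and remember the new value
        return True
    return False  # stale or repeated counter: ceremony fails


def process(processing_order, start=0):
    """Feed counters to the RP in the order the responses are processed."""
    record = CredentialRecord(start)
    return [(c, check_sign_count(record, c)) for c in processing_order]


# Constructed scenario: the same credential signs two assertions (counters
# 6 and 7) for logins started on two devices while the RP has stored 5.
IN_ORDER = process([6, 7], start=5)
# Same two responses, but the one signed later is processed first.
REORDERED = process([7, 6], start=5)

if __name__ == "__main__":
    for label, result in (("in order", IN_ORDER), ("reordered", REORDERED)):
        for counter, accepted in result:
            print(f"{label}: signCount={counter} accepted={accepted}")
```

In the reordered run the failed ceremony comes from the legitimate authenticator, which is the situation the comment says an RP may choose to account for or ignore.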