- From: Matthew Miller via GitHub <noreply@w3.org>
- Date: Fri, 27 Feb 2026 20:25:04 +0000
- To: public-webauthn@w3.org
After a good conversation with @kreichgauer today, I've simplified this PR somewhat by decoupling the signature counter from a virtual authenticator's default backup eligibility. Instead, both the **Add Credential** and **Set Credential Properties** endpoints have had `signCount` properties updated/added to normatively require that a credential's signature counter "MUST NOT increment" when `signCount` is set to `0`. This slightly different direction should allow for RPs to write tests for authenticators that always return `0` for sign count, whether the authenticator can backup credentials or not. This should still solve my original problem over in #2363 that the signature counter always increments in getAssertion responses, which is not true for most modern platform authenticators and the macOS Chrome profile authenticator. @emlun @pascoej @nsatragno @sbweeden @ve7jtb I think this is significant enough a change that I have to ask you all to re-review for approval 🙇♂️ -- GitHub Notification of comment by MasterKale Please view or discuss this issue at https://github.com/w3c/webauthn/pull/2382#issuecomment-3974932158 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Friday, 27 February 2026 20:25:05 UTC