Re: [webauthn] Virtual authenticator should allow `counter` to always be `0` (#2363) from Martin Kreichgauer via GitHub on 2026-01-27 (public-webauthn@w3.org from January 2026)

From: Martin Kreichgauer via GitHub <noreply@w3.org>
Date: Tue, 27 Jan 2026 21:25:49 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-3807615785-1769549146-noreply@w3.org>

Would it make sense to make the virtual authenticator treat the sign counter as fixed to 0 by default to match the majority of real world implementations?

If we really wanted to support testing other values, Set Credential Properties could pass in a different (fixed) value, and the caller could manually increment in whatever steps it wants to test. (But [Chrome's position](https://www.imperialviolet.org/tourofwebauthn/tourofwebauthn.html#:~:text=Signature%20counters,otherwise%20be%20ignored.) on this is still that the counter should be ignored in all but truly exceptional cases.)


-- 
GitHub Notification of comment by kreichgauer
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2363#issuecomment-3807615785 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Tuesday, 27 January 2026 21:25:49 UTC