[webauthn] FIDO U2F Attestation Statement Format doesn't say what to do with Counter

jcjones has just created a new issue for https://github.com/w3c/webauthn:

== FIDO U2F Attestation Statement Format doesn't say what to do with Counter ==
Similar to #506 ... when creating a new credential, the U2F wire protocol doesn't provide back a Counter value. We should define what behavior UAs should do in this case.

The options we've discussed before are:

1) Encode this as all zeroes, or some other sentinel value to indicate that it is unset.

2) After generating a new credential, UAs must immediately trigger a Sign operation with that credential using bogus data to obtain the Counter. This will require an additional Test of User Presence before the Create Credential flow completes.

(Firefox is picking Option 1 w/ all zeroes for now, and we'll update as this resolves)

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/507 using your GitHub account

Received on Monday, 17 July 2017 19:56:24 UTC
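
Option 1 from the issue above, as an added sketch that is not code from the issue, from Firefox or from the WebAuthn specification: it splits a raw U2F registration response, which carries no counter, and builds WebAuthn authenticator data with the 4-byte counter set to all zeroes. The byte layouts follow the published U2F raw message format and the published WebAuthn authenticator data layout rather than anything stated in the issue; the function names, flag choice, zero AAGUID and sample bytes are assumptions made for the illustration.

```python
import hashlib
import struct

FLAG_UP = 0x01      # user present
FLAG_AT = 0x40      # attested credential data included
UNSET_COUNTER = 0   # Option 1 sentinel: U2F registration returns no counter


def parse_u2f_register(resp: bytes):
    """Split a raw U2F registration response: 0x05 | pubkey(65) | khLen | kh | cert | sig."""
    if len(resp) < 67 or resp[0] != 0x05:
        raise ValueError("not a U2F registration response")
    pub = resp[1:66]
    if pub[0] != 0x04:
        raise ValueError("expected an uncompressed P-256 point")
    kh_len = resp[66]
    key_handle = resp[67:67 + kh_len]
    if len(key_handle) != kh_len:
        raise ValueError("truncated key handle")
    return pub, key_handle, resp[67 + kh_len:]  # rest = attestation cert || signature


def cose_es256_key(pub: bytes) -> bytes:
    """CBOR-encode the point as a COSE EC2 key: {1:2, 3:-7, -1:1, -2:x, -3:y}."""
    x, y = pub[1:33], pub[33:65]
    return bytes.fromhex("a5010203262001215820") + x + bytes.fromhex("225820") + y


def build_auth_data(rp_id: str, resp: bytes, counter: int = UNSET_COUNTER) -> bytes:
    """rpIdHash(32) | flags(1) | counter(4, big-endian) | AAGUID(16) | idLen(2) | id | key."""
    pub, key_handle, _ = parse_u2f_register(resp)
    return (hashlib.sha256(rp_id.encode()).digest()
            + bytes([FLAG_UP | FLAG_AT])               # assumed flag choice
            + struct.pack(">I", counter)               # all zeroes when unset
            + bytes(16)                                # assumed: zero AAGUID for U2F
            + struct.pack(">H", len(key_handle)) + key_handle
            + cose_es256_key(pub))


def read_counter(auth_data: bytes) -> int:
    """The counter sits directly after the 32-byte RP ID hash and the flags byte."""
    return struct.unpack(">I", auth_data[33:37])[0]


# Constructed sample response: dummy key, key handle "KHDL", placeholder cert/signature.
SAMPLE = bytes([0x05, 0x04]) + bytes(range(64)) + bytes([4]) + b"KHDL" + b"\x30\x00\x30\x00"
```

A consumer of this authenticator data cannot tell a genuine counter of 0 from the unset sentinel, which is the ambiguity Option 2 avoids at the cost of a second Test of User Presence.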