From 85717cce29586ec9fec3bf75bbb00da8ee39e4c6 Mon Sep 17 00:00:00 2001 From: Shane Weeden Date: Thu, 3 Oct 2024 10:55:01 +1000 Subject: [PATCH 1/2] Address #2172 --- index.bs | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/index.bs b/index.bs index f537878e3..b1d55a2fa 100644 --- a/index.bs +++ b/index.bs @@ -4811,9 +4811,9 @@ leave the [=authData/signCount=] in the [=authenticator data=] cons A [=[RP]=] stores the [=signature counter=] of the most recent [=authenticatorGetAssertion=] operation. (Or the counter from the [=authenticatorMakeCredential=] operation if no [=authenticatorGetAssertion=] has ever been performed on a credential.) In subsequent [=authenticatorGetAssertion=] operations, the [=[RP]=] compares the stored [=signature counter=] value with the new -[=authData/signCount=] value returned in the assertion's [=authenticator data=]. If either is non-zero, and the new [=authData/signCount=] value is less than or equal to the stored value, a cloned authenticator may exist, or the authenticator may be malfunctioning. +[=authData/signCount=] value returned in the assertion's [=authenticator data=]. If either is non-zero, and the new [=authData/signCount=] value is less than or equal to the stored value, a cloned authenticator may exist, or the authenticator may be malfunctioning, or a race condition might exist where the relying party is receiving and processing assertions in an order other than the order they were generated at the authenticator. -Detecting a [=signature counter=] mismatch does not indicate whether the current operation was performed by a cloned authenticator or the original authenticator. [=[RPS]=] should address this situation appropriately relative to their individual situations, i.e., their risk tolerance. +Detecting a [=signature counter=] mismatch does not indicate whether the current operation was performed by a cloned authenticator or the original authenticator. [=[RPS]=] should address this situation appropriately relative to their individual situations, i.e., their risk tolerance or operational factors that might result in an acceptable reason for non-increasing values. Authenticators: - SHOULD implement per credential [=signature counters=]. This prevents the @@ -6240,15 +6240,17 @@ a numbered step. If outdented, it (today) is rendered as a bullet in the midst o
greater than |credentialRecord|.[$credential record/signCount$]:
The signature counter is valid.
less than or equal to |credentialRecord|.[$credential record/signCount$]:
-
This is a signal that - the authenticator may be cloned, i.e. at least - two copies of the [=credential private key=] may exist and are - being used in parallel. [=[RPS]=] should incorporate this information - into their risk scoring. +
This is a signal, but not proof, that the authenticator may be cloned. For example it might mean that: + - Two or more copies of the [=credential private key=] may exist and are being used in parallel. + - An authenticator is malfunctioning. + - A race condition exists where the [=[RP]=] is processing assertion responses in an order other than the order they were generated at the authenticator. + + [=[RPS]=] should evaluate their own operational characteristics and incorporate this information into their risk scoring. Whether the [=[RP]=] updates |credentialRecord|.[$credential record/signCount$] - below in this case, or not, or fails the - [=authentication ceremony=] or not, is - [=[RP]=]-specific.
+ below in this case, or not, or fails the [=authentication ceremony=] or not, is [=[RP]=]-specific. + + For more information on signature counter considerations, see [[#sctn-sign-counter]]. +
  • From 8c2cfdd4a7e6fec4eef91c31f2b0fc0ef972eef6 Mon Sep 17 00:00:00 2001 From: Shane Weeden Date: Thu, 24 Oct 2024 04:28:58 +1000 Subject: [PATCH 2/2] Update index.bs accepting line breaks as elum suggested Co-authored-by: Emil Lundberg --- index.bs | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/index.bs b/index.bs index b1d55a2fa..19975144b 100644 --- a/index.bs +++ b/index.bs @@ -4811,7 +4811,9 @@ leave the [=authData/signCount=] in the [=authenticator data=] cons A [=[RP]=] stores the [=signature counter=] of the most recent [=authenticatorGetAssertion=] operation. (Or the counter from the [=authenticatorMakeCredential=] operation if no [=authenticatorGetAssertion=] has ever been performed on a credential.) In subsequent [=authenticatorGetAssertion=] operations, the [=[RP]=] compares the stored [=signature counter=] value with the new -[=authData/signCount=] value returned in the assertion's [=authenticator data=]. If either is non-zero, and the new [=authData/signCount=] value is less than or equal to the stored value, a cloned authenticator may exist, or the authenticator may be malfunctioning, or a race condition might exist where the relying party is receiving and processing assertions in an order other than the order they were generated at the authenticator. +[=authData/signCount=] value returned in the assertion's [=authenticator data=]. If either is non-zero, and the new [=authData/signCount=] value is less than or equal to the stored value, a cloned authenticator may exist, or the authenticator may be malfunctioning, +or a race condition might exist where the relying party is receiving and processing assertions +in an order other than the order they were generated at the authenticator. Detecting a [=signature counter=] mismatch does not indicate whether the current operation was performed by a cloned authenticator or the original authenticator. [=[RPS]=] should address this situation appropriately relative to their individual situations, i.e., their risk tolerance or operational factors that might result in an acceptable reason for non-increasing values.