I have implemented a relying party that performs validation of U2F register and authentication responses. One of these checks is to ensure the counter is incrementing. I know that a softkey cannot be trusted from a cloning/attestation point of view, but is there any reason it can't maintain a local counter from a given machine and increment it? At the moment it always returns 0.
I have implemented a relying party that performs validation of U2F register and authentication responses. One of these checks is to ensure the counter is incrementing. I know that a softkey cannot be trusted from a cloning/attestation point of view, but is there any reason it can't maintain a local counter from a given machine and increment it? At the moment it always returns 0.