+ "html": "This is a signal, but not proof, that the authenticator may be cloned. For example it might mean that: \n <ul>\n <li data-md=\"\">\n <p>Two or more copies of the <a data-link-type=\"dfn\" href=\"https://w3c.github.io/webauthn/#credential-private-key\" id=\"ref-for-credential-private-key①⑥\">credential private key</a> may exist and are being used in parallel.</p>\n </li><li data-md=\"\">\n <p>An authenticator is malfunctioning.</p>\n </li><li data-md=\"\">\n <p>A race condition exists where the <a data-link-type=\"dfn\" href=\"https://w3c.github.io/webauthn/#relying-party\" id=\"ref-for-relying-party②⑧⑧\">Relying Party</a> is processing assertion responses in an order other than the order they were generated at the authenticator.</p>\n </li></ul>\n <p><a data-link-type=\"dfn\" href=\"https://w3c.github.io/webauthn/#relying-party\" id=\"ref-for-relying-party②⑧⑨\">Relying Parties</a> should evaluate their own operational characteristics and incorporate this information into their risk scoring.\n Whether the <a data-link-type=\"dfn\" href=\"https://w3c.github.io/webauthn/#relying-party\" id=\"ref-for-relying-party②⑨⓪\">Relying Party</a> updates <code><var>credentialRecord</var>.<a data-link-type=\"abstract-op\" href=\"https://w3c.github.io/webauthn/#abstract-opdef-credential-record-signcount\" id=\"ref-for-abstract-opdef-credential-record-signcount④\">signCount</a></code> below in this case, or not, or fails the <a data-link-type=\"dfn\" href=\"https://w3c.github.io/webauthn/#authentication-ceremony\" id=\"ref-for-authentication-ceremony③④\">authentication ceremony</a> or not, is <a data-link-type=\"dfn\" href=\"https://w3c.github.io/webauthn/#relying-party\" id=\"ref-for-relying-party②⑨①\">Relying Party</a>-specific.</p>\n <p>For more information on signature counter considerations, see <a href=\"https://w3c.github.io/webauthn/#sctn-sign-counter\">§ 6.1.1 Signature Counter Considerations</a>.</p>"
0 commit comments