Update of ED report from new reffy run

Using reffy commit 17.2.7.
w3c · Oct 24, 2024 · e2de315 · e2de315
1 parent dcaa744
commit e2de315
Show file tree

Hide file tree

Showing 5 changed files with 5,682 additions and 5,680 deletions.
diff --git a/ed/algorithms/webauthn-3.json b/ed/algorithms/webauthn-3.json
@@ -1975,7 +1975,7 @@
                 },
                 {
                   "case": "less than or equal to credentialRecord.signCount:",
-                  "html": "This is a signal that\n          the authenticator may be cloned, i.e. at least\n          two copies of the <a data-link-type=\"dfn\" href=\"https://w3c.github.io/webauthn/#credential-private-key\" id=\"ref-for-credential-private-key①⑥\">credential private key</a> may exist and are\n          being used in parallel. <a data-link-type=\"dfn\" href=\"https://w3c.github.io/webauthn/#relying-party\" id=\"ref-for-relying-party②⑧⑧\">Relying Parties</a> should incorporate this information\n          into their risk scoring.\n          Whether the <a data-link-type=\"dfn\" href=\"https://w3c.github.io/webauthn/#relying-party\" id=\"ref-for-relying-party②⑧⑨\">Relying Party</a> updates <code><var>credentialRecord</var>.<a data-link-type=\"abstract-op\" href=\"https://w3c.github.io/webauthn/#abstract-opdef-credential-record-signcount\" id=\"ref-for-abstract-opdef-credential-record-signcount④\">signCount</a></code> below in this case, or not, or fails the <a data-link-type=\"dfn\" href=\"https://w3c.github.io/webauthn/#authentication-ceremony\" id=\"ref-for-authentication-ceremony③④\">authentication ceremony</a> or not, is <a data-link-type=\"dfn\" href=\"https://w3c.github.io/webauthn/#relying-party\" id=\"ref-for-relying-party②⑨⓪\">Relying Party</a>-specific."
+                  "html": "This is a signal, but not proof, that the authenticator may be cloned. For example it might mean that: \n         <ul>\n          <li data-md=\"\">\n           <p>Two or more copies of the <a data-link-type=\"dfn\" href=\"https://w3c.github.io/webauthn/#credential-private-key\" id=\"ref-for-credential-private-key①⑥\">credential private key</a> may exist and are being used in parallel.</p>\n          </li><li data-md=\"\">\n           <p>An authenticator is malfunctioning.</p>\n          </li><li data-md=\"\">\n           <p>A race condition exists where the <a data-link-type=\"dfn\" href=\"https://w3c.github.io/webauthn/#relying-party\" id=\"ref-for-relying-party②⑧⑧\">Relying Party</a> is processing assertion responses in an order other than the order they were generated at the authenticator.</p>\n         </li></ul>\n         <p><a data-link-type=\"dfn\" href=\"https://w3c.github.io/webauthn/#relying-party\" id=\"ref-for-relying-party②⑧⑨\">Relying Parties</a> should evaluate their own operational characteristics and incorporate this information into their risk scoring.\n          Whether the <a data-link-type=\"dfn\" href=\"https://w3c.github.io/webauthn/#relying-party\" id=\"ref-for-relying-party②⑨⓪\">Relying Party</a> updates <code><var>credentialRecord</var>.<a data-link-type=\"abstract-op\" href=\"https://w3c.github.io/webauthn/#abstract-opdef-credential-record-signcount\" id=\"ref-for-abstract-opdef-credential-record-signcount④\">signCount</a></code> below in this case, or not, or fails the <a data-link-type=\"dfn\" href=\"https://w3c.github.io/webauthn/#authentication-ceremony\" id=\"ref-for-authentication-ceremony③④\">authentication ceremony</a> or not, is <a data-link-type=\"dfn\" href=\"https://w3c.github.io/webauthn/#relying-party\" id=\"ref-for-relying-party②⑨①\">Relying Party</a>-specific.</p>\n         <p>For more information on signature counter considerations, see <a href=\"https://w3c.github.io/webauthn/#sctn-sign-counter\">§ 6.1.1 Signature Counter Considerations</a>.</p>"
                 }
               ]
             }
@@ -2111,15 +2111,15 @@
       "rationale": "for",
       "steps": [
         {
-          "html": "<p><a data-link-type=\"dfn\" href=\"https://infra.spec.whatwg.org/#list-iterate\" id=\"ref-for-list-iterate②①\">For each</a> <var>subStmt</var> of <var>attStmt</var>, evaluate the <a data-link-type=\"dfn\" href=\"https://w3c.github.io/webauthn/#verification-procedure\" id=\"ref-for-verification-procedure①③\">verification procedure</a> corresponding to the <a data-link-type=\"dfn\" href=\"https://w3c.github.io/webauthn/#attestation-statement-format-identifier\" id=\"ref-for-attestation-statement-format-identifier⑤\">attestation statement format identifier</a> <code><var>subStmt</var>.fmt</code> with <a data-link-type=\"dfn\" href=\"https://w3c.github.io/webauthn/#verification-procedure-inputs\" id=\"ref-for-verification-procedure-inputs⑥\">verification procedure inputs</a> <var>subStmt</var>, <var>authenticatorData</var> and <var>clientDataHash</var>.</p>\n       <p>If validation fails for one or more <var>subStmt</var>, decide the appropriate result based on <a data-link-type=\"dfn\" href=\"https://w3c.github.io/webauthn/#relying-party\" id=\"ref-for-relying-party②⑨④\">Relying Party</a> policy.</p>"
+          "html": "<p><a data-link-type=\"dfn\" href=\"https://infra.spec.whatwg.org/#list-iterate\" id=\"ref-for-list-iterate②①\">For each</a> <var>subStmt</var> of <var>attStmt</var>, evaluate the <a data-link-type=\"dfn\" href=\"https://w3c.github.io/webauthn/#verification-procedure\" id=\"ref-for-verification-procedure①③\">verification procedure</a> corresponding to the <a data-link-type=\"dfn\" href=\"https://w3c.github.io/webauthn/#attestation-statement-format-identifier\" id=\"ref-for-attestation-statement-format-identifier⑤\">attestation statement format identifier</a> <code><var>subStmt</var>.fmt</code> with <a data-link-type=\"dfn\" href=\"https://w3c.github.io/webauthn/#verification-procedure-inputs\" id=\"ref-for-verification-procedure-inputs⑥\">verification procedure inputs</a> <var>subStmt</var>, <var>authenticatorData</var> and <var>clientDataHash</var>.</p>\n       <p>If validation fails for one or more <var>subStmt</var>, decide the appropriate result based on <a data-link-type=\"dfn\" href=\"https://w3c.github.io/webauthn/#relying-party\" id=\"ref-for-relying-party②⑨⑤\">Relying Party</a> policy.</p>"
         },
         {
-          "html": "<p>If sufficiently many (as determined by <a data-link-type=\"dfn\" href=\"https://w3c.github.io/webauthn/#relying-party\" id=\"ref-for-relying-party②⑨⑤\">Relying Party</a> policy) <a data-link-type=\"dfn\" href=\"https://infra.spec.whatwg.org/#list-item\" id=\"ref-for-list-item①③\">items</a> of <var>attStmt</var> verify successfully,\nreturn implementation-specific values representing any combination of outputs from successful <a data-link-type=\"dfn\" href=\"https://w3c.github.io/webauthn/#verification-procedure\" id=\"ref-for-verification-procedure①④\">verification procedures</a>.</p>"
+          "html": "<p>If sufficiently many (as determined by <a data-link-type=\"dfn\" href=\"https://w3c.github.io/webauthn/#relying-party\" id=\"ref-for-relying-party②⑨⑥\">Relying Party</a> policy) <a data-link-type=\"dfn\" href=\"https://infra.spec.whatwg.org/#list-item\" id=\"ref-for-list-item①③\">items</a> of <var>attStmt</var> verify successfully,\nreturn implementation-specific values representing any combination of outputs from successful <a data-link-type=\"dfn\" href=\"https://w3c.github.io/webauthn/#verification-procedure\" id=\"ref-for-verification-procedure①④\">verification procedures</a>.</p>"
         }
       ]
     },
     {
-      "html": "In addition to setting the <code class=\"idl\"><a data-link-type=\"idl\" href=\"https://w3c.github.io/webauthn/#dom-authenticationextensionsclientinputs-appid\" id=\"ref-for-dom-authenticationextensionsclientinputs-appid\">appid</a></code> extension input,\nusing this extension requires some additional processing by the <a data-link-type=\"dfn\" href=\"https://w3c.github.io/webauthn/#relying-party\" id=\"ref-for-relying-party③⓪⑤\">Relying Party</a> in order to allow users to <a data-link-type=\"dfn\" href=\"https://w3c.github.io/webauthn/#authentication\" id=\"ref-for-authentication①③\">authenticate</a> using their registered U2F credentials:",
+      "html": "In addition to setting the <code class=\"idl\"><a data-link-type=\"idl\" href=\"https://w3c.github.io/webauthn/#dom-authenticationextensionsclientinputs-appid\" id=\"ref-for-dom-authenticationextensionsclientinputs-appid\">appid</a></code> extension input,\nusing this extension requires some additional processing by the <a data-link-type=\"dfn\" href=\"https://w3c.github.io/webauthn/#relying-party\" id=\"ref-for-relying-party③⓪⑥\">Relying Party</a> in order to allow users to <a data-link-type=\"dfn\" href=\"https://w3c.github.io/webauthn/#authentication\" id=\"ref-for-authentication①③\">authenticate</a> using their registered U2F credentials:",
       "rationale": "set",
       "steps": [
         {