Require authenticators to implement the signature counter (#630)
selfissued authored and rlin1 committed Oct 11, 2017
1 parent c16fafd commit 2d3732b
Showing 1 changed file with 7 additions and 8 deletions.
15 changes: 7 additions & 8 deletions index.bs
Expand Up @@ -1651,7 +1651,7 @@ total length is 37 bytes plus the length of the [=attestation data=], plus the l

### <dfn>Signature Counter</dfn> Considerations ### {#sign-counter}

Authenticators may implement a [=signature counter=] feature. The [=signature counter=] is incremented for each successful
Authenticators MUST implement a [=signature counter=] feature. The [=signature counter=] is incremented for each successful
[=authenticatorGetAssertion=] operation by some positive value, and its value is returned to the [=[RP]=] within the
[=authenticator data=]. The [=signature counter=]'s purpose is to aid [=[RPS]=] in detecting cloned authenticators. Clone
detection is more important for authenticators with limited protection measures.
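Review bot: The new opening sentence uses uppercase "MUST", while the rest of the visible text uses lowercase normative words ("should implement per-[=RP ID=] [=signature counters=]", "Authenticators may implement a global [=signature counter=]", "the authenticator must perform"). Use one casing for normative keywords throughout, so readers do not take the lowercase ones as weaker or non-normative.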
Expand All @@ -1660,7 +1660,7 @@ An [=[RP]=] stores the [=signature counter=] of the most recent [=authenticatorG

Detecting a [=signature counter=] mismatch does not indicate whether the current operation was performed by a cloned authenticator or the original authenticator. [=[RPS]=] should address this situation appropriately relative to their individual situations, i.e., their risk tolerance.

Authenticators implementing the [=signature counter=] feature:
Authenticators:
- should implement per-[=RP ID=] [=signature counters=]. This prevents the
[=signature counter=] value from being shared between [=[RPS]=] and being possibly employed
as a correlation handle for the user. Authenticators may implement a global [=signature counter=],
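Review bot: In the first bullet under "Authenticators:", per-[=RP ID=] counters remain only a "should" although a counter is now required, so any authenticator taking the "may implement a global [=signature counter=]" option exposes the value this same bullet describes as a possible correlation handle for the user. If the text that follows does not already do so, state that privacy trade-off next to the global option, or say under which conditions a global counter is acceptable.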
Expand Down Expand Up @@ -1721,7 +1721,7 @@ When this operation is invoked, the authenticator must perform the following pro
1. If any error occurred while creating the new credential object, return an error code equivalent to "{{UnknownError}}" and
terminate the operation.
1. Process all the supported extensions requested by the client.
1. If the [=authenticator=] supports:
1. If the [=authenticator=] implements:
<dl class="switch">
: a per-[=RP ID=] [=signature counter=]
:: allocate the counter, associate it with the
Expand All @@ -1731,8 +1731,8 @@ When this operation is invoked, the authenticator must perform the following pro
[=authenticator data=].
</dl>

- If the authenticator supports a signature counter <i>per credential</i>, then initialize this counter with 0.
(Alternatively, the authenticator might support a global signature counter).
- If the authenticator implements a <i>per credential</i> signature counter, then initialize this counter with 0.
(Otherwise, the authenticator implements a global signature counter.)
- Generate the [=authenticator data=] with
[=attestation data=] as specified in [[#sec-authenticator-data]]. Use this [=authenticator data=] and the
[=hash of the serialized client data=] to create an [=attestation object=] for the new credential using the procedure
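Review bot: The rewritten bullet speaks of a "per credential" signature counter, while the switch in the preceding step and the increment step in getAssertion both say per-[=RP ID=]. Use one term in all three places. The bullet also overlaps with the step above, which already allocates the counter, and "initialize this counter with 0" gives no initial value for the global case, since the parenthetical only states that a global counter exists; consider folding the initial value into the switch and dropping this bullet.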
Expand Down Expand Up @@ -1763,10 +1763,9 @@ When this method is invoked, the [=authenticator=] must perform the following pr
this [=public key credential|credential=]. The prompt for obtaining this [=user consent|consent=] may be shown by the
[=authenticator=] if it has its own output capability, or by the user agent otherwise.
1. Process all the supported extensions requested by the client.
1. If the [=signature counter=] feature is supported, increment the [=RP ID=]-associated
1. Increment the [=RP ID=]-associated
[=signature counter=] or the global [=signature counter=] value, depending on
which approach is implemented by the [=authenticator=] by some positive value. Otherwise, use a value
of zero (0) for the [=signature counter=] value when generating the [=authenticator data=].
which approach is implemented by the [=authenticator=] by some positive value.
1. Generate the [=authenticator data=] as specified in
[[#sec-authenticator-data]], though without [=attestation data=].
1. Concatenate this [=authenticator data=] with the [=hash of
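Review bot: In the rewritten increment step, "by some positive value" now trails "implemented by the [=authenticator=]" and reads as if it modifies the implementation rather than the increment; move it next to the verb, for example "Increment, by some positive value, the [=RP ID=]-associated ...". Separately, the removed sentence defined zero as the counter value for authenticators without the feature, so the [=[RP]=]-side text should say how a value of zero from authenticators built to the earlier wording is to be treated.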