- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Mon, 04 May 2015 13:29:24 +0200
- To: "Web NFC (W3C)" <public-web-nfc@w3.org>
http://w3c.github.io/web-nfc/security-privacy.html#security-mechanisms Although I'm not working with the same use-cases as web-nfc, it might be of interest hearing about other ways of dealing with security. Context: A mobile device connecting to an NFC-based service in the wild. Using HTTPS etc. is fine but doesn't make sense unless you connect to an NFC port that you [sort of] "know" is running on a trusted platform like your own computer. Why is that? Because the interface may lie. An alternative solution would be to sign NFC requests including a time-stamp using an public SSL-certificate. This is not foolproof but requires stealing somebody else's private key to succeed, while the existing solution only requires a modest SW hack. Here is another security consideration issue which I unfortunately have no answer to at this stage: https://lists.w3.org/Archives/Public/public-webpayments/2015May/0022.html Anders
Received on Monday, 4 May 2015 11:29:58 UTC