[web-nfc] Secure URL from Web Page from Anders Rundgren via GitHub on 2018-01-29 (public-web-nfc@w3.org from January 2018)

From: Anders Rundgren via GitHub <sysbot+gh@w3.org>
Date: Mon, 29 Jan 2018 17:09:28 +0000
To: public-web-nfc@w3.org
Message-ID: <issues.opened-292487158-1517245767-sysbot+gh@w3.org>

cyberphone has just created a new issue for https://github.com/w3c/web-nfc:

== Secure URL from Web Page ==
This is a variant of what I have previously proposed: https://github.com/w3c/web-nfc/issues/128

This idea is though much simpler though it is only about retrieving a secured URL from a Web page.

Scenario: A Web page wants to present a URL through NFC.  Only if the Web page and the URL to be presented belong to the same domain, NFC will actually emit the URL.

My belief is that this can support entirely "phish-free" OOB authentication schemes, but I have yet to perform a full-blown analysis.

Please view or discuss this issue at https://github.com/w3c/web-nfc/issues/140 using your GitHub account

Received on Monday, 29 January 2018 17:09:31 UTC