- From: Michael Farrell via GitHub <sysbot+gh@w3.org>
- Date: Mon, 27 Dec 2021 03:38:01 +0000
- To: public-web-nfc@w3.org
Closing the loop (on a big delay, sorry!): it looks like someone else explained it for the Yubikey case in #543 (NDEF fallback data contains an OTP). However, this is a _single_ device out of many, and I don't think a blocklist based on historical bytes is the answer: * [there is no specified update frequency for the blocklist](https://w3c.github.io/web-nfc/#blocklist), nor an expiry mechanism. * cards of same model have the same ATR (and thus historical bytes), _even when used for different purposes_ (eg: storage cards like MIFARE Ultralight and NTAG). * the same model of card has may have a different ATR (and thus historical bytes) on different readers. Ludovic Rousseau (author of `pcsclite`) maintains [a public list of ATRs](http://ludovic.rousseau.free.fr/softwares/pcsc-tools/smartcard_list.txt) where you can see this issue. * [some cards have no historical bytes at all][ad], so are impossible to add to an allow or block list. * filtering based on content is similarly fraught with technical difficulties. [ad]: https://developer.android.com/reference/android/nfc/tech/IsoDep#getHistoricalBytes() [A better answer would be to give a way for tags to explicitly declare compatibility](https://github.com/mozilla/standards-positions/issues/238#issuecomment-610691221). This could be done with an NDEF record extension, but is something you'd need to propose to the NFC forum. -- GitHub Notification of comment by micolous Please view or discuss this issue at https://github.com/w3c/web-nfc/issues/537#issuecomment-1001314857 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 27 December 2021 03:38:03 UTC