Re: Will the WebCrypto API allow discovery/enumeration of certificates?

On Thu, Jun 25, 2015 at 12:19 AM, Anders Rundgren <anders.rundgren.net@gmail.com> wrote:

>
> Would it be possible to elaborate a bit on these "alternative" and "modern"
> systems?
>

https://fidoalliance.org/ is an example of a signature scheme designed for
the web security model. Any sort of signature scheme exposed to the web
should consider how that boundary is made.


> Regarding the "tremendously dangerous security model" what exactly would
> evilhacker be able to do with a signature it tricked the poor user into
> performing?
>

hermes-soft.com/signing might sign a document "I authorize $100 to be
transferred to hermes-soft"
evilhacker.example.com/phishing might sign a document "I authorize $1000 to
be transferred to evilhacker"

Received on Thursday, 25 June 2015 07:28:26 UTC
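
The origin boundary discussed in the reply above, as an added example that is not part of the original message or of any FIDO or WebCrypto code: a verifier cannot tell which site requested an origin-agnostic signature, but can reject one whose signed data names the wrong origin. The function names, the clientData layout, the https scheme and the Node.js crypto key pair are assumptions made for illustration.

```javascript
// Added example; function names and the clientData layout are hypothetical.
const nodeCrypto = require('node:crypto');

// Constructed Ed25519 key pair standing in for the user's signing credential.
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');

// Origin-agnostic signing: the key signs whatever text the calling page hands over.
function signRaw(text) {
  return nodeCrypto.sign(null, Buffer.from(text), privateKey);
}
function verifyRaw(text, signature) {
  return nodeCrypto.verify(null, Buffer.from(text), publicKey, signature);
}

// Origin-bound signing: the user agent, not the page, writes the caller's
// origin into the structure that gets signed.
function signBound(callerOrigin, text) {
  const clientData = JSON.stringify({ origin: callerOrigin, document: text });
  const signature = nodeCrypto.sign(null, Buffer.from(clientData), privateKey);
  return { clientData, signature };
}

// Verifier: accept only a valid signature over data naming the expected origin.
function verifyBound(expectedOrigin, assertion) {
  const { clientData, signature } = assertion;
  if (!nodeCrypto.verify(null, Buffer.from(clientData), publicKey, signature)) {
    return 'bad-signature';
  }
  let parsed;
  try {
    parsed = JSON.parse(clientData);
  } catch (err) {
    return 'malformed';
  }
  return parsed && parsed.origin === expectedOrigin ? 'ok' : 'wrong-origin';
}

// Constructed sample inputs, taken from the two documents quoted in the message.
const SITE = 'https://hermes-soft.com';
const PHISH = 'https://evilhacker.example.com';
const SITE_DOC = 'I authorize $100 to be transferred to hermes-soft';
const PHISH_DOC = 'I authorize $1000 to be transferred to evilhacker';
```

The raw signature over PHISH_DOC verifies like any other, whereas the origin-bound one fails the origin check, and rewriting the origin field afterwards invalidates the signature.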