- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Wed, 08 Apr 2015 10:25:54 +0200
- To: public-nfc@w3.org
Disclaimer: I'm not particularly versed in NFC technology
Apparently the spec assumes that the user is supposed to deal with messages such as:
"example.com" wants to access your NFC device, do you agree?
If UA vendors feels that it would be inadequate doing something else, I hope that they also
add a check-box "Don't ask me again" because writing data from an untrusted web page to
an NFC device shouldn't impose more security issues than a QR-code AFAICT.
IMO, it is rather the _action_ that is associated with the read data which requires a prompt
in the _connecting_device_.
Wouldn't the current spec. (in practice) lead to multiple security prompts?
A now to some very n00b-ish questions:
- Are messages supposed to be stacked or is it only the last write which is active when the user
connects? I hope it is the latter alternative.
- If the user leaves the page without connecting, the data disappears, right?
Anders
Received on Wednesday, 8 April 2015 08:26:28 UTC