- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Wed, 08 Apr 2015 16:03:57 +0200
- To: public-web-nfc@w3.org
http://w3c.github.io/web-nfc/security-privacy.html Disclaimer: I'm not particularly versed in NFC technology Apparently the spec assumes that the user is supposed to deal with messages such as: "example.com" wants to access your NFC device, do you agree? If UA vendors feels that it would be inadequate doing something else, I hope that they also add a check-box "Don't ask me again" because writing data from an untrusted web page to an NFC device shouldn't impose more security issues than a QR-code AFAICT. IMO, it is rather the _action_ that is associated with the read data which requires a prompt in the _connecting_device_. Wouldn't the current spec. (in practice) lead to multiple security prompts? A now to some very n00b-ish questions: - Are messages supposed to be stacked or is it only the last write which is active when the user connects? I hope it is the latter alternative. - If the user leaves the page without connecting, the data disappears, right? Anders
Received on Wednesday, 8 April 2015 14:04:41 UTC