- From: Anders Rundgren via GitHub <sysbot+gh@w3.org>
- Date: Mon, 05 Jun 2017 13:23:31 +0000
- To: public-web-nfc@w3.org
@alexshalamov wrote: > Could you check whether NFC Signature Record Type Definition (RTD) would be sufficient for your use-cases? If signing data would be enough, signed QR data would do as well. The core problem is that the QR applications this issue refers to must know which _page_ the information is emitted from in order to "simulate" in-bound communication. Using the NFC based QR replacement: If a page is phished, the phisher's security context will be supplied with the "data" which in the case of authentication will (in a properly designed service NB), generate an authentication that only works in the phisher's domain or be stopped already at the phone client level. -- GitHub Notification of comment by cyberphone Please view or discuss this issue at https://github.com/w3c/web-nfc/issues/128#issuecomment-306186167 using your GitHub account
Received on Monday, 5 June 2017 13:23:38 UTC