Re: [web-nfc] "A Better Q"

> It is possible to sniff NFC reads from up to 30 meters. Then it's a race condition

I believe I covered that in: https://github.com/w3c/web-nfc/issues/128#issuecomment-306182806

Anyway, this belongs to "Security Considerations" where _application developers_ should consider the effect of a possible session takeover.  In most current QR use-cases this does not create a security problem.  
Personally, I think this is an issue the _NFC Community_ should address since it is fully universal.

Regarding the other attacks which seem to be about malicious device software, this is out of scope for this proposal and most other security related specifications as well including TLS.  Signed data (a possible option) would invalidate modified tags.

-- 
GitHub Notification of comment by cyberphone
Please view or discuss this issue at https://github.com/w3c/web-nfc/issues/128#issuecomment-306210598 using your GitHub account

Received on Monday, 5 June 2017 15:01:44 UTC