Re: [web-nfc] Write-only Web NFC variant proposal

> Developers do not use NFC for security purpose I believe.

@Liryna Right, but NFC is anyway used for security critical applications like EMV payments and e-Passport reading.  In order to use an unsecured channel like NFC for such purposes (including the ones covered by this proposal), you need an application specific protocol coping with some (or if possible all) imaginable attacks on the channel itself.

Just for my own education (I'm not an NFC expert you know):  Are there documented, "_long-distance_" attacks where the output from lets say a payment terminal, is not only read, but changed on-the-fly in order to trick the customer's card/device in some way?

I will _try_ to come up with a concrete security protocol for the targeted application space although the proposal even without that has considerably better security and usability properties than the current "gold standard", QR code.

-- 
GitHub Notification of comment by cyberphone
Please view or discuss this issue at https://github.com/w3c/web-nfc/issues/128#issuecomment-306532093 using your GitHub account

Received on Tuesday, 6 June 2017 15:56:27 UTC