- From: FREDFLT via GitHub <sysbot+gh@w3.org>
- Date: Mon, 12 Jun 2017 22:04:24 +0000
- To: public-web-nfc@w3.org
NFC and FIDO expert here. Few answers first about NFC: "It is possible to sniff NFC reads from up to 30 meters.". =>NOPE. We are talking about ISO14443 here. Few centimeters max. Best known -non commercial- antennas can reach up to 25cm. Theoretically -never ever seen- you can reach 50cm. "Even with a context or unique data, the transaction can be caught and replay by anyone." => You can choose secure protocols with encryption, mutual authentication and anti-replay attack. You are not forced to use non-secure protocols. (Yes few banks and payment services providers made obviously stupid choices and mistakes, mostly for back-compatibility issues) Regarding FIDO: If you are looking for a way to communicate with a NFC card/device (or a Bluetooth device) from a web page, you don't have to wait for W3C WebAuthN (FIDO v2), you can use FIDO U2F API today: - Chrome for Android built-in support for many months -even if Authenticator app is still required for now- - Google play services API built-in support for Android Application development will come in the next few days/weeks, it was announced a few days ago at Google I/O '17 - Third Party iOS app SDK available but still complex to obtain for now (this may change "soon"(c) ) The first goal of FIDO U2F is to make secure authentication. If you are thinking about doing something else, this is still possible but you'll have to build your own protocol above U2F exchanges. Note: That's what I am working on with few other fools :) -- GitHub Notification of comment by FREDFLT Please view or discuss this issue at https://github.com/w3c/web-nfc/issues/128#issuecomment-307947372 using your GitHub account
Received on Monday, 12 June 2017 22:04:30 UTC