- From: FREDFLT via GitHub <sysbot+gh@w3.org>
- Date: Thu, 15 Jun 2017 19:10:17 +0000
- To: public-web-nfc@w3.org
"NFC in PC" => doesn't exist. End of story. On Thu, Jun 15, 2017 at 9:07 AM, Anders Rundgren <notifications@github.com> wrote: > Although the use case has been dismissed, I promised a more complete > description for review. > > [image: nfc-qr-repl] > <https://user-images.githubusercontent.com/8044211/27169160-fffc4ee0-51a8-11e7-973b-a4450beaa3aa.png> > > Assumption: *The Service, PC, and Phone are free from malware interfering > with the devised scheme*. > > The security of this scheme is based on multiple factors: > > - Public key cryptography exposes no static secrets to attackers > - One-time challenges limit attacks to the specfic session > - Session cookies, only known by the Service and the user's PC > (Browser), render intercepted NFC or authentication objects useless outside > of the user's PC > - Intercepting and rewriting RF data on-the-fly appears to be quite > difficult > - The Web Security context provided by the NFC solution in conjunction > with signing thwarts basic "phishing" attacks > - The user must perform an action in order to authorize a login > > The original (and possibly updated) document is available at: > https://cyberphone.github.io/doc/research/nfc-based-qr-replacement.pdf > > — > You are receiving this because you were mentioned. > Reply to this email directly, view it on GitHub > <https://github.com/w3c/web-nfc/issues/128#issuecomment-308647894>, or mute > the thread > <https://github.com/notifications/unsubscribe-auth/ADsdulYvSY1GYrvGxQ1o16eQaWNQPwWxks5sENgngaJpZM4Nvv7o> > . > -- GitHub Notification of comment by FREDFLT Please view or discuss this issue at https://github.com/w3c/web-nfc/issues/128#issuecomment-308838885 using your GitHub account
Received on Thursday, 15 June 2017 19:10:24 UTC