Re: [web-nfc] Support Signature records (#363) from Kenneth Rohde Christiansen via GitHub on 2019-11-07 (public-web-nfc@w3.org from November 2019)

From: Kenneth Rohde Christiansen via GitHub <sysbot+gh@w3.org>
Date: Thu, 07 Nov 2019 10:56:44 +0000
To: public-web-nfc@w3.org
Message-ID: <issue_comment.created-551029699-1573124203-sysbot+gh@w3.org>

I read that there has been some security issue with the first version of sig records, but I don't understand all details.

I do understand that by changing the payload size, you can make a trailing sig record move between being the last record inside am embedded record collection, or just  trailing the embedded record.

For instance
```
|[url]                               |[url]
|[smart poster]               |[smart poster with new payload length]
|  [t record]           --->    |  [t record]
|[sig record]                   |  [sig record]
```


-- 
GitHub Notification of comment by kenchris
Please view or discuss this issue at https://github.com/w3c/web-nfc/issues/363#issuecomment-551029699 using your GitHub account

Received on Thursday, 7 November 2019 10:56:46 UTC