Re: [web-nfc] YubiKey NDEF analysis (#543) from Zoltan Kis via GitHub on 2020-03-09 (public-web-nfc@w3.org from March 2020)

From: Zoltan Kis via GitHub <sysbot+gh@w3.org>
Date: Mon, 09 Mar 2020 16:22:54 +0000
To: public-web-nfc@w3.org
Message-ID: <issue_comment.created-596631104-1583770973-sysbot+gh@w3.org>

A blacklisting mechanism could be implemented, akin to Web Bluetooth [blocklist](https://webbluetoothcg.github.io/web-bluetooth/#the-gatt-blocklist).
However, won't be foolproof as the UID's can be false/duplicated on fakes so it can result in DoS attack on certain vendors. 

The more useful thing browser implementations could do is indeed to include information in the permission prompt about the tag tech and content type(s) before that data is handed over to the web page.

-- 
GitHub Notification of comment by zolkis
Please view or discuss this issue at https://github.com/w3c/web-nfc/issues/543#issuecomment-596631104 using your GitHub account

Received on Monday, 9 March 2020 16:22:57 UTC