- From: Zoltan Kis via GitHub <sysbot+gh@w3.org>
- Date: Thu, 14 May 2020 14:41:42 +0000
- To: public-web-nfc@w3.org

In the past we have explored the idea of "origin" exported to NFC tags, but the inherent insecurity of NFC tags (no guarantee the tag was not overwritten with a forged origin) made it a no-fly. So we cannot "trust" tags. AFAIK HW IDs are not always UIDs and can be forged as well. Tags are therefore always untrusted.

Some sort of prior user permission + notifications on read (eventually ask for forgiveness) is needed therefore. That is one way we could do it - but it will be difficult.

Or, tags should be encrypted and managed by the apps (implementations cannot be responsible for key management). But this would still have the permission+foreground constraints.

Now in theory we could have a special reader object which allowed options to scan() to take a public key and a token from the app and check for certain (given) content type on the tags, decrypt and then check for the token in the payload - all that in order to allow reads in the background in a worker. That special reader probably might need to be in a different conformance class than NDEFReader.

Another way is using NDEF signatures for tag integrity protection: if they are present and if the implementation can verify the signatures, a special reader would be allowed to be exposed to workers. However, they are not supported yet in this way (they could be read but they are not processed by implementations; apps are responsible for verifying them).

--
GitHub Notification of comment by zolkis
Please view or discuss this issue at https://github.com/w3c/web-nfc/issues/293#issuecomment-628680733 using your GitHub account

Received on Thursday, 14 May 2020 14:41:44 UTC