Re: [web-nfc] Security and Privacy: NDEF scope not considered adequately (#537)

> Closing the loop (on a big delay, sorry!): it looks like someone else explained it for the Yubikey case in #543 (NDEF fallback data contains an OTP).
> 
> However, this is a _single_ device out of many, and I don't think a blocklist based on historical bytes is the answer:
> 
> * [there is no specified update frequency for the blocklist](https://w3c.github.io/web-nfc/#blocklist), nor an expiry mechanism.
> * cards of the same model have the same ATR (and thus historical bytes), _even when used for different purposes_ (eg: storage cards like MIFARE Ultralight and NTAG).
> * the same model of card may have a different ATR (and thus historical bytes) on different readers. Ludovic Rousseau (author of `pcsclite`) maintains [a public list of ATRs](http://ludovic.rousseau.free.fr/softwares/pcsc-tools/smartcard_list.txt) where you can see this issue.
> * [some cards have no historical bytes at all](https://developer.android.com/reference/android/nfc/tech/IsoDep#getHistoricalBytes()), so are impossible to add to an allow or block list.
> * filtering based on content is similarly fraught with technical difficulties.
> 
> [A better answer would be to give a way for tags to explicitly declare compatibility](https://github.com/mozilla/standards-positions/issues/238#issuecomment-610691221). This could be done with an NDEF record extension, but is something you'd need to propose to the NFC forum.

It's unclear, however, how this would avoid tags which suck without realising it claiming they don't. I'm honestly not convinced by the arguments presented so far.

-- 
GitHub Notification of comment by mseddon
Please view or discuss this issue at https://github.com/w3c/web-nfc/issues/537#issuecomment-1119033013 using your GitHub account
-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Thursday, 5 May 2022 20:47:54 UTC
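To make the mechanism under discussion concrete, here is a parser for an ISO/IEC 7816-3 ATR with a historical-bytes blocklist check layered on top. It is an added example for this thread, not code from the Web NFC specification, from any browser, or from pcsclite. The sample ATRs follow the PC/SC Part 3 layout that contactless readers use to synthesise an ATR for a storage card but are constructed here, the blocklist is invented, and matching on the exact historical bytes is an assumption made for the example. Running it shows two of the points raised above: the historical bytes a reader reports for a MIFARE Ultralight / NTAG identify the card model only, so every tag of that model hits the same entry whatever it stores, and an ATR that carries no historical bytes can never match any list.

```python
"""Parse an ISO/IEC 7816-3 ATR and apply a historical-bytes blocklist to it.

Added illustration for the discussion above; not code from the Web NFC
specification, from any browser, or from pcsclite.  The ATRs and the blocklist
below are constructed for the example: the two long ATRs follow the PC/SC Part 3
layout for contactless storage cards, the short one is a syntactically valid ATR
that simply carries no historical bytes.
"""
from __future__ import annotations

from dataclasses import dataclass, field


@dataclass
class ATR:
    ts: int
    t0: int
    interface_bytes: list[tuple[str, int]] = field(default_factory=list)
    protocols: set[int] = field(default_factory=set)
    historical_bytes: bytes = b""
    tck: int | None = None


def parse_atr(raw: bytes) -> ATR:
    """Walk the ATR per ISO/IEC 7816-3 section 8: TS, T0, the TA/TB/TC/TD
    chains, K historical bytes, then TCK when any protocol other than T=0 is
    indicated.  Raises ValueError on truncation or a bad check byte."""
    if len(raw) < 2:
        raise ValueError("ATR too short")
    ts, t0 = raw[0], raw[1]
    if ts not in (0x3B, 0x3F):
        raise ValueError(f"unexpected TS byte {ts:#04x}")
    atr = ATR(ts=ts, t0=t0)
    k = t0 & 0x0F            # low nibble of T0: number of historical bytes
    y = t0 >> 4              # high nibble: which of TA1/TB1/TC1/TD1 follow
    pos, i = 2, 1
    while y:
        next_y = 0
        for bit, name in ((1, "TA"), (2, "TB"), (4, "TC"), (8, "TD")):
            if not y & bit:
                continue
            if pos >= len(raw):
                raise ValueError("ATR truncated inside interface bytes")
            value = raw[pos]
            pos += 1
            atr.interface_bytes.append((f"{name}{i}", value))
            if name == "TD":     # TDi: low nibble = protocol, high nibble = next Y
                atr.protocols.add(value & 0x0F)
                next_y = value >> 4
        y, i = next_y, i + 1
    if not atr.protocols:        # no TD byte at all means T=0 by default
        atr.protocols.add(0)
    atr.historical_bytes = raw[pos:pos + k]
    if len(atr.historical_bytes) != k:
        raise ValueError("ATR truncated inside historical bytes")
    pos += k
    if atr.protocols != {0}:     # TCK is absent only when T=0 is the sole protocol
        if pos >= len(raw):
            raise ValueError("TCK missing")
        atr.tck = raw[pos]
        pos += 1
        check = 0
        for b in raw[1:pos]:     # XOR of T0 .. TCK inclusive must be zero
            check ^= b
        if check:
            raise ValueError("TCK check failed")
    if pos != len(raw):
        raise ValueError(f"{len(raw) - pos} unexpected trailing byte(s)")
    return atr


# Constructed samples (see module docstring).  In the PC/SC storage-card layout
# the historical bytes carry a registered application provider id (A0 00 00 03 06),
# a standard byte SS (03 = ISO 14443-3 Type A) and a card-name code NN
# (00 01 = MIFARE Classic 1K, 00 03 = MIFARE Ultralight): the model, never the use.
ULTRALIGHT_ATR = bytes.fromhex("3B 8F 80 01 80 4F 0C A0 00 00 03 06 03 00 03 00 00 00 00 68")
CLASSIC_1K_ATR = bytes.fromhex("3B 8F 80 01 80 4F 0C A0 00 00 03 06 03 00 01 00 00 00 00 6A")
NO_HISTORICAL_ATR = bytes.fromhex("3B 80 80 01 01")

# A made-up blocklist in the style discussed in the thread: entries are the
# exact historical bytes of a tag to refuse.  Exact matching is an assumption
# made for this example.
BLOCKLIST = frozenset({
    bytes.fromhex("80 4F 0C A0 00 00 03 06 03 00 03 00 00 00 00"),
})


def is_blocked(raw: bytes, blocklist: frozenset[bytes] = BLOCKLIST) -> bool:
    """Refuse a tag when its historical bytes exactly match a listed entry.
    A tag whose ATR carries no historical bytes can never match, so it can be
    neither blocked nor allowed this way."""
    hist = parse_atr(raw).historical_bytes
    return bool(hist) and hist in blocklist


if __name__ == "__main__":
    for label, atr_bytes in (("Ultralight/NTAG", ULTRALIGHT_ATR),
                             ("Classic 1K", CLASSIC_1K_ATR),
                             ("no historical bytes", NO_HISTORICAL_ATR)):
        atr = parse_atr(atr_bytes)
        print(f"{label:20s} protocols={sorted(atr.protocols)} "
              f"hist={atr.historical_bytes.hex() or '(none)'} "
              f"blocked={is_blocked(atr_bytes)}")
```

The parser validates TCK, so a corrupted ATR is rejected rather than silently matched or missed. Note that nothing in `is_blocked` can distinguish an NTAG holding a harmless URL from an NTAG used as a credential: both produce the same historical bytes, which is the collateral-damage problem the quoted comment describes, and a reader that does not synthesise the PC/SC layout will present different bytes for the same physical card.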