- From: Ehsan Toreini <notifications@github.com>
- Date: Fri, 25 Jul 2025 08:01:00 -0700
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Friday, 25 July 2025 15:01:04 UTC
toreini left a comment (w3ctag/design-reviews#1071) Hi @arichiv , many thanks for this spec. Can you please have a look at these? 1) I have a question regarding the design of the protocol: How does this spec resists against a fraudulent who want to impersonate an honest user? Consider this scenario: - You are fraud or part of a fraud campaign that is small or medium sized, you use a malicious extension to record the message exchange (which is not an unreasonable assumption for fraud). - As message is not bound to time or recorded nonce (to prevent tracking), you distribute it among dozen of other user agents. Each one will try to impersonate a user, relaying the same messages with the hope that one of them will pass the browser challenge (if the T* is predictable, which I think it is). - the above scenario may work with large scale or targeted fraud attacks too. 2) Also, The diagram in the explainer is confusing (and misleading) in many ways: for instance (but not limited too), client private key k and then, response k? are they different? Does it mean the private key is sent to the server? Many thanks again, Ehsan -- Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/1071#issuecomment-3118371514 You are receiving this because you are subscribed to this thread. Message ID: <w3ctag/design-reviews/issues/1071/3118371514@github.com>
Received on Friday, 25 July 2025 15:01:04 UTC