- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Fri, 19 Apr 2013 14:34:51 -0400
- To: Norbert Bollow <nb@bollow.ch>
- CC: Web Payments CG <public-webpayments@w3.org>
On 04/18/2013 12:31 PM, Norbert Bollow wrote: > Manu Sporny <msporny@digitalbazaar.com> wrote: >> The attack is only possible if a message is passed over a >> non-secure channel, right? That is, the spec is clear about passing >> all messages over HTTPS. Granted, that's not an excuse for the >> approach taken and it should be fixed, but the attack is only >> possible if messages are sent over an insecure channel, correct? > > Saying "use HTTPS!" does not assure having a channel that is secure > in every respect. Trustworthy security requires careful arguments > based on specific security properties. Agreed. I don't think anyone was making this statement, though. :) Passing the information over HTTPS while not implementing the fix would open a sender up to an attacker that is the server. That is, you could send the signed request over HTTPS, but then the server could re-write your request and forward it on to some other server. This would be very bad from a Web Payments perspective. So, the answer is, the vulnerability would result in a real-world problem over HTTPS as well. -- manu -- Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny) Founder/CEO - Digital Bazaar, Inc. blog: Meritora - Web payments commercial launch http://blog.meritora.com/launch/
Received on Friday, 19 April 2013 18:35:14 UTC