-
Notifications
You must be signed in to change notification settings - Fork 98
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add "Relay Attacks" to security considerations #1041
Comments
Related thread from RATs WG at IETF: |
IMO, we cannot say when relay is legitimate. We can only point out under which circumstances relay can happen and what verifiers can do to mitigate that risk. I suggest, after we merge PR #1054, we extend the security considerations section to add some language around relay. |
This issue is blocked by the holder binding discussion. It really depends on whether such a feature is available. It makes a difference for the security consideration section whether a VC has some protection against impersonation or not. |
Closing this issue, I think it is not addressable in the core data model, it applies to securing formats. |
You opened this as a Security Consideration, which it remains, and which does not require addressing in the core data model — Security Considerations are about awareness and consideration regarding whatever deployment... So I don't understand its closure, as opposed to adding a few sentences to the Security Considerations section. |
@TallTed you are welcome to raise a new issue or file a PR that implements changes you want to see. |
covering cases where challenges are forwarded / related to holder binding / VPs, etc...
We should describe when relay is legitimate, and where it might cause problems.
relevant attacks on in person presentation, or man in the middle... etc.
The text was updated successfully, but these errors were encountered: