-
Notifications
You must be signed in to change notification settings - Fork 69
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Move Security section to the end. Fix HTML errors. #436
Conversation
|
||
<section> <h3>Chain of trust</h3> | ||
<p> | ||
Web pages using Web NFC are not trusted. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
considered trusted
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Content of Security section will be updated in a future PR.
Web pages using Web NFC are not trusted. | ||
This means that the user needs to be aware of exactly what a web page is | ||
intending to do with NFC at any given moment. Implementations need to | ||
make sure that when the user authorizes a method of this API, then only that |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
'authorizes a method of this API' sounds cryptic
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
same as above
</section> | ||
<section> <h4>Restrict automatic handling</h4> | ||
<p> | ||
The payload data on <a>NFC content</a> is untrusted, and must not be used |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
But people can use signature records to make it trusted
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
a malicious third party could delete the signature record from the NDEF message or
attach a new signature record to prevent the user from noticing any malicious change of content.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
But with the right policies in place it should be indeed fine (trusted).
Anyway, content changes come in a next PR.
Can you split this CL in two CLs so that it's easier to review? |
There is no content change yet, just moved the Security section to the end, added missing closing tags and changed Purely syntactic changes, in that sense, this is the split, before I make content changes. |
I was confused as @kenchris was suggesting changes. |
Signed-off-by: Zoltan Kis <zoltan.kis@intel.com>
Good idea. I've run tidy and fixed a few more errors. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
To editors: please take attention to close tags. Browsers do complete them, but tools will complain.
Also, no flow content inside
<p>
.Will continue with the Security section in a subsequent PR, this is to have a corrected baseline.
Signed-off-by: Zoltan Kis zoltan.kis@intel.com
Preview | Diff