[VC Security & Trust Document] Improve description of holder binding #7

Open
Macke opened this issue Aug 10, 2023 · 1 comment

Macke commented Aug 10, 2023

Imported from AB/Connect bitbucket: https://bitbucket.org/openid/connect/issues/2012

Original Reporter: danielfett

(Re “Cryptographic Holder Binding”)

Giuseppe De Marco

2023-03-06

An evil RP may receive a presentation of a VC with a signed nonce and re-present the same VC, reusing the signed nonce, to another RP (may we say nonce-replay?).

I’ve assumed that the presentation response should be signed with the private key linked to the public one bound in the VC.

Macke commented Aug 10, 2023

Imported from AB/Connect bitbucket - Original Commenter: danielfett

@{557058:245bbbf8-3623-466b-9e2f-a9fa2f30c0ee} Can you please expand on this comment made for the Security and Trust document? How would the replay work if we assume that the verifier always expects a new nonce to be signed?
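
The premise in the question above (a verifier that only accepts a nonce it issued itself, signed by the key bound in the VC), as an added Go example that is not part of the original issue or of any OpenID specification. The `Presentation` struct, the `Verifier` type and all function names are hypothetical, and the holder signs only the nonce here, which simplifies a real presentation.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Presentation is a simplified, hypothetical stand-in for a VC presentation.
type Presentation struct {
	HolderKey ed25519.PublicKey // key the issuer bound into the VC
	Nonce     string            // verifier nonce the holder signed
	Sig       []byte            // holder signature over the nonce
}

// Verifier is the set of nonces one RP has issued and not yet consumed.
type Verifier map[string]bool

// NewNonce issues a fresh random nonce for a single presentation request.
func (v Verifier) NewNonce() string {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	n := fmt.Sprintf("%x", b)
	v[n] = true
	return n
}

// Present is the holder side: sign the nonce with the key bound in the VC.
func Present(priv ed25519.PrivateKey, nonce string) Presentation {
	return Presentation{priv.Public().(ed25519.PublicKey), nonce, ed25519.Sign(priv, []byte(nonce))}
}

// Verify accepts a presentation only for a nonce this verifier issued, once.
func (v Verifier) Verify(p Presentation) bool {
	issued := v[p.Nonce]
	delete(v, p.Nonce) // single use, even if the signature check fails
	return issued && ed25519.Verify(p.HolderKey, []byte(p.Nonce), p.Sig)
}

// Demo presents to rpA, replays the same presentation to rpB, then reuses it at rpA.
func Demo() (atA, atB, reuse bool) {
	_, priv, _ := ed25519.GenerateKey(rand.Reader)
	rpA, rpB := Verifier{}, Verifier{}
	p := Present(priv, rpA.NewNonce())
	return rpA.Verify(p), rpB.Verify(p), rpA.Verify(p)
}

func main() { fmt.Println(Demo()) }
```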

danielfett removed the "bug" and "major" labels on Aug 14, 2023