Yaron Sheffer
Yes, you have it right. This is analogous to the JWT `typ` claim whose goal is to prevent cross-protocol (or really, cross-usage) attacks. So making this mandatory is important. I...
Then put the application/service name there, instead of a protocol name.
It's guidance, not interoperable normative text. Whether people use "myapp" or "myapp/1" or even "myfile.c" doesn't matter all that much. Basically anything is better than a missing context.
Existence and verification of the parameter are both normative. Its content is not.
Hi @richanna, I'll start with your last paragraph. I agree what we have now is only partial mitigation. This kind of attack is never fully mitigated, because you need to...
I see where this solution is coming from, thank you. But IMHO, this replaces small complexity on the service side with large complexity on the wallet side, which is now...
Hi Carsten, No, I think showing the link for RFCs would not be useful, and that's why I would prefer a solution at the kramdown level rather than in the...
See https://github.com/sio/Makefile.venv/issues/5
@martinthomson Works like magic, thanks!