Request for clarification on the usage of Domain and Challenge Parameters #339
Labels
future
security-tracker
Group bringing to attention of security, or tracked by the security Group but not needing response.
Comments
simoneonofri
added
the
security-tracker
This comment has been minimized.
This comment has been minimized.
Sh-Amir
changed the title
Thanks for pointing out the typo. |
|
We are grateful for this response from SING and look forward to considering it as part of a future version of the specification |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This issue refers to the security review requested at w3c/security-request/#55.
In Section 2.1, I would recommend providing additional information or changing the wordings regarding the usage of "Domain" and "Challenge" parameters to better highlight the scenarios in which their usage becomes mandatory. I do agree that not all use cases demand replay protection, but it would be nice to make this explicit by providing examples or adding a note to better highlight this aspect.
The text was updated successfully, but these errors were encountered: