Andreas Schildbach [ARCHIVE] on Nostr: 📅 Original date posted:2015-02-22 📝 Original message:On 02/23/2015 12:32 AM, ...
📅 Original date posted:2015-02-22
📝 Original message:On 02/23/2015 12:32 AM, Andy Schroder wrote:
> I guess we need to decide whether we want to consider NFC communication
> private or not. I don't know that I think it can be. An eavesdropper can
> place a tiny snooping device near and read the communication. If it is
> just passive, then the merchant/operator won't realize it's there. So, I
> don't know if I like your idea (mentioned in your other reply) of
> putting the session key in the URL is a good idea?
I think the "trust by proximity" is the best we've got. If we don't
trust the NFC link (or the QR code scan), what other options have we
got? Speaking the session key by voice? Bad UX, and can be eavesdropped
as well of course.
Published at
2023-06-07 15:31:01Event JSON
{
"id": "cea34b13869b8de0c9ff8b744fb7be2bfd806d7a3e6f7033a65edfb94a784d04",
"pubkey": "3215b3d77dff1f84eeb5ad46fb1206a8d1657b3ea765a80b5489ece3a702d2bc",
"created_at": 1686151861,
"kind": 1,
"tags": [
[
"e",
"dfefe04b212481eb3fe073238ab7d32774988526d8b8bf7f8fff0d7249ebe09f",
"",
"root"
],
[
"e",
"7da608ec44644d0939932508a133e7ef56d28a49c6d55644862d3d918c99f5b5",
"",
"reply"
],
[
"p",
"82205f272f995d9be742779a3c19a2ae08522ca14824c3a3b01525fb5459161e"
]
],
"content": "📅 Original date posted:2015-02-22\n📝 Original message:On 02/23/2015 12:32 AM, Andy Schroder wrote:\n\u003e I guess we need to decide whether we want to consider NFC communication\n\u003e private or not. I don't know that I think it can be. An eavesdropper can\n\u003e place a tiny snooping device near and read the communication. If it is\n\u003e just passive, then the merchant/operator won't realize it's there. So, I\n\u003e don't know if I like your idea (mentioned in your other reply) of\n\u003e putting the session key in the URL is a good idea?\n\nI think the \"trust by proximity\" is the best we've got. If we don't\ntrust the NFC link (or the QR code scan), what other options have we\ngot? Speaking the session key by voice? Bad UX, and can be eavesdropped\nas well of course.",
"sig": "dc7f17f6145670a321f0cabae383bb1d9e4eeff1bb2b7fdf4db729b334006c17b830d925f2faf3e009fcbcf897c92e19c4b3661940d590172fe3ec005caed885"
}