Doichain / dapp

Doichain dApp - a Meteor.js implementation of the "Doichain Atomic Double-Opt-In" Protocol
https://www.doichain.org
MIT License

Revoke Permission - signature must be done also over nameID #57

Closed silkroadnomad closed 6 years ago

silkroadnomad commented 6 years ago

In case 'Peter' (the email recipient) revokes a permission on the blockchain, Alice (the sender) could create a new nameID and use the old valid signature from a former state when it was still valid. In such a case Alice could send an email with the name header and Bob's public key to fake a revoked permission as still valid.

In order to prevent this, the signature which Peter is giving must be done over a string including the nameId so the permission is only valid with this single nameID.

As long as this nameId is not accessible by Alice, a revoked permission cannot be re-activated by Alice.
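
The binding proposed in the comment above, as an added example that is not part of the original issue and not Doichain code: a signature that covers the nameId stops verifying when it is presented under a different nameId. Ed25519 from Node's `crypto` module stands in for the project's signature scheme, and the message layouts, field names and sample values are assumptions made for illustration.

```javascript
// Added illustration, not Doichain code. Ed25519 is a stand-in for the
// project's signature scheme; message layouts and values are constructed.
const crypto = require('node:crypto');

// Unbound layout (assumed): the signature covers only the two addresses.
function unboundMessage(p) {
  return Buffer.from(JSON.stringify([p.recipient, p.sender]));
}

// Bound layout (assumed): the signature also covers the nameId.
// A JSON array keeps field boundaries unambiguous, unlike plain concatenation.
function boundMessage(p) {
  return Buffer.from(JSON.stringify(['doi-permission', p.nameId, p.recipient, p.sender]));
}

function signPermission(privateKey, p, encode) {
  return crypto.sign(null, encode(p), privateKey);
}

// Accept only if the presented nameId is not revoked and the signature
// is valid for exactly the fields being presented.
function verifyPermission(publicKey, p, signature, encode, revokedNameIds) {
  if (revokedNameIds.has(p.nameId)) return false;
  return crypto.verify(null, encode(p), publicKey, signature);
}

function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519'); // recipient's key pair
  const original = { nameId: 'name-0001', recipient: 'peter@example.org', sender: 'alice@example.com' };
  const replayed = { ...original, nameId: 'name-0002' }; // new nameId, old signature
  const none = new Set();
  const revoked = new Set([original.nameId]); // state after the revocation

  const sigUnbound = signPermission(privateKey, original, unboundMessage);
  const sigBound = signPermission(privateKey, original, boundMessage);
  return {
    boundBeforeRevoke: verifyPermission(publicKey, original, sigBound, boundMessage, none),
    boundAfterRevoke: verifyPermission(publicKey, original, sigBound, boundMessage, revoked),
    replayUnbound: verifyPermission(publicKey, replayed, sigUnbound, unboundMessage, revoked),
    replayBound: verifyPermission(publicKey, replayed, sigBound, boundMessage, revoked),
  };
}

console.log(demo());
```

Only the unbound signature survives the move to a new nameId; the bound one fails verification because the signed bytes no longer match the presented nameId.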

silkroadnomad commented 6 years ago

This is not possible like this and not an issue.