Handling various origin types

WICG / digital-credentials

Digital Credentials, like driver's licenses

https://wicg.github.io/digital-credentials/

Other

75 stars 9 forks source link

Handling various origin types #160

Open marcoscaceres opened 3 weeks ago

marcoscaceres commented 3 weeks ago

When calling .get(), we need to check:

origin is opaque origin? Throw SecurityError.
is the effective domain a valid domain? no, then throw SecurityError.

As with Web Auth, we probably don't want IP addresses being compared here.

OR13 commented 3 weeks ago

What's an example of an invalid domain?

I assume you don't plan to do any TLSA or DNSSEC checks. The domain could be any DNS resolvable IDNA, according to UTS46.

Right?

samuelgoto commented 3 weeks ago

navigator.identity is already protected under SecureContext, wouldn't this already cover "origin is opaque origin?" and "is the effective domain a valid domain?"?