Open bslassey opened 1 year ago
Hi Brad, the mitigation for intercepting the share URL along with the secret is the recommendation to send both over a secure channel; if that is not possible, then use a verification code (aka PIN) out of band, e.g. using a voice call to the friend. We are also thinking of a concept of second-factor identification by the friend at the time they try to provision the key to their device / wallet, but do not have a clear solution for that.
Hi Brad, and thank you for your question. Just to add on top of Dmitry's reply:
As I understand it, threat #3 is describing the secret being intercepted. Practically, this would seem to describe an attacker intercepting the share URL (e.g. "https://www.example.com/v1/m/2bba630e-519b-11ec-bf63-0242ac130002?v=c#hXlr6aRC7KgJpOLTNZaLsw==" from the described example).
The mitigation mentions physical separation of the content from the secret. I believe this is describing the fact that the secret is sent directly from the owner to the friend while the content is hosted in the mailbox. But if the threat is the share URL with the secret being intercepted, what is preventing the attacker from accessing the content of the mailbox?
The second mitigation describes an optional second factor such as a PIN shared over the same message. Does this protect much if the attacker intercepts the message "Here's my key https://www.example.com/v1/m/2bba630e-519b-11ec-bf63-0242ac130002?v=c#hXlr6aRC7KgJpOLTNZaLsw==, the PIN is 1234"?