Closed FragLegs closed 3 weeks ago
Along with this, the receivers MUST validate `iss` claims on every SSF event delivered on the stream
@appsdesh I agree that Receivers ought to validate the `iss` claim in the SET, but is there a specific attack that you are imagining that can only be countered this way?
Why is this a SHOULD vs a MUST?
@timcappalli I don't feel strongly about this, but the SSF spec is mostly concerned with what the Transmitter MUST do. It seems like we generally take a more lenient stance towards the Receiver. I think the underlying statement is, "If the Receiver doesn't want to be subjected to attacks a, b, and c, then it SHOULD do x, y, and z."
Note to self: also need to tie Issuer of metadata to iss
To address the attack identified in Issue #162, we recommend that the Receiver SHOULD check the `iss` value when getting a Stream Configuration from the Transmitter to ensure that it matches the Issuer that sent the Transmitter Configuration data.
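A Receiver-side sketch of the checks discussed in this thread, added here as an illustration and not taken from the SSF spec or from any participant: the Issuer is pinned from the Transmitter Configuration metadata, then compared against `iss` in the Stream Configuration and in each SET. The class and function names and the sample values are assumptions, and SET signature verification is assumed to happen before `check_set` is called.

```python
import base64
import json

ISSUER = "https://tr.example.com"  # constructed sample Issuer


class IssuerMismatch(Exception):
    """An iss value does not match the pinned Transmitter Issuer."""


def _b64url_json(segment: str) -> dict:
    # JWT segments are base64url without padding; restore it before decoding.
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))


def constructed_set(claims: dict) -> str:
    """Build a constructed SET-shaped token with a placeholder signature."""
    def enc(obj: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'typ': 'secevent+jwt'})}.{enc(claims)}.constructed-signature"


class IssuerPinnedReceiver:  # hypothetical name
    def __init__(self, requested_issuer: str, transmitter_config: dict):
        # Tie the metadata to the Issuer the Receiver asked for.
        if transmitter_config.get("issuer") != requested_issuer:
            raise IssuerMismatch("metadata issuer differs from requested Issuer")
        self.issuer = requested_issuer

    def _require(self, iss, where: str) -> None:
        # Exact string comparison: no case folding or trailing-slash trimming.
        if iss != self.issuer:
            raise IssuerMismatch(f"{where} iss {iss!r} != {self.issuer!r}")

    def check_stream_config(self, stream_config: dict) -> dict:
        self._require(stream_config.get("iss"), "stream configuration")
        return stream_config

    def check_set(self, set_jwt: str) -> dict:
        # Assumption: the signature was already verified against the
        # Transmitter's keys; this step only checks the iss claim.
        parts = set_jwt.split(".")
        if len(parts) != 3:
            raise ValueError("not a compact JWS")
        claims = _b64url_json(parts[1])
        self._require(claims.get("iss"), "SET")
        return claims
```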