openid / sharedsignals

OpenID Shared Signals Working Group Repository

Add SHOULD language about checking the issuer value #172

Closed FragLegs closed 3 weeks ago

FragLegs commented 1 month ago

To address the attack identified in Issue #162, we recommend that the Receiver SHOULD check the iss value when getting a Stream Configuration from the Transmitter to ensure that it matches the Issuer that sent the Transmitter Configuration data.

FragLegs commented 1 month ago

Along with this, the receivers MUST validate iss claims on every SSF event delivered on the stream.

@appsdesh I agree that Receivers ought to validate the iss claim in the SET, but is there a specific attack that you are imagining that can only be countered this way?

timcappalli commented 1 month ago

Why is this a SHOULD vs a MUST?

FragLegs commented 1 month ago

Why is this a SHOULD vs a MUST?

@timcappalli I don't feel strongly about this, but the SSF spec is mostly concerned with what the Transmitter MUST do. It seems like we generally take a more lenient stance towards the Receiver. I think the underlying statement is, "If the Receiver doesn't want to be subjected to attacks a, b, and c, then it SHOULD do x, y, and z."

FragLegs commented 4 weeks ago

Note to self: also need to tie Issuer of metadata to iss
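The three checks discussed in this thread (tying the Stream Configuration's `iss` to the `issuer` in the Transmitter Configuration, validating `iss` on every SET, and the "tie Issuer of metadata to iss" note) as one Receiver-side example. This is added illustration, not code from the sharedsignals repository; the field names and the sample configurations and SET claims below are constructed for the example, and the SET claims are assumed to come from a token whose signature has already been verified with the keys fetched from the Transmitter's `jwks_uri`.

```python
"""Receiver-side issuer consistency checks for an SSF stream (illustrative, not project code).

Assumed inputs:
  transmitter_config  Transmitter Configuration metadata, carrying an "issuer" field
  stream_config       Stream Configuration returned by the Transmitter, carrying "iss"
  set_claims          claims of a Security Event Token whose signature was ALREADY verified
"""


class IssuerMismatch(Exception):
    """Raised when an artifact does not carry the expected issuer value."""


def _require_str(obj: dict, key: str, what: str) -> str:
    """Return obj[key] if it is a non-empty string; otherwise reject the artifact."""
    value = obj.get(key)
    if not isinstance(value, str) or not value:
        raise IssuerMismatch(f"{what} has no usable '{key}' value")
    return value


def check_stream_config_issuer(transmitter_config: dict, stream_config: dict) -> str:
    """Tie the Stream Configuration to the metadata that was fetched earlier.

    The comparison is an exact, case-sensitive string match: no URL normalization,
    no prefix matching, so "https://t.example.com/" is NOT "https://t.example.com".
    Returns the issuer so the caller can pin it for later SET validation.
    """
    expected = _require_str(transmitter_config, "issuer", "Transmitter Configuration")
    actual = _require_str(stream_config, "iss", "Stream Configuration")
    if actual != expected:
        raise IssuerMismatch(f"Stream Configuration iss {actual!r} != issuer {expected!r}")
    return expected


def stream_config_is_trusted(transmitter_config: dict, stream_config: dict) -> bool:
    """Boolean wrapper for callers that only need accept/reject."""
    try:
        check_stream_config_issuer(transmitter_config, stream_config)
        return True
    except IssuerMismatch:
        return False


def filter_sets(sets: list, expected_issuer: str):
    """Accept only SETs whose 'iss' matches the pinned issuer; report why others were dropped."""
    accepted, rejected = [], []
    for claims in sets:
        jti = claims.get("jti", "<no jti>")
        try:
            if _require_str(claims, "iss", f"SET {jti}") != expected_issuer:
                raise IssuerMismatch(f"SET {jti} iss {claims['iss']!r} != {expected_issuer!r}")
            accepted.append(jti)
        except IssuerMismatch as err:
            rejected.append((jti, str(err)))
    return accepted, rejected


# --- constructed sample data (not from any real Transmitter) ---------------------------
TRANSMITTER_CONFIG = {
    "issuer": "https://transmitter.example.com",
    "jwks_uri": "https://transmitter.example.com/jwks.json",
    "configuration_endpoint": "https://transmitter.example.com/ssf/stream",
}
STREAM_CONFIG_OK = {"iss": "https://transmitter.example.com", "aud": "https://receiver.example.net"}
STREAM_CONFIG_BAD = {"iss": "https://other.example.org", "aud": "https://receiver.example.net"}
SAMPLE_SETS = [
    {"iss": "https://transmitter.example.com", "jti": "set-1", "iat": 1700000000, "events": {}},
    {"iss": "https://transmitter.example.com/", "jti": "set-2", "iat": 1700000001, "events": {}},
    {"jti": "set-3", "iat": 1700000002, "events": {}},  # no iss at all
]


def run_example():
    """Pin the issuer from the metadata, then validate the stream config and each SET."""
    pinned = check_stream_config_issuer(TRANSMITTER_CONFIG, STREAM_CONFIG_OK)
    accepted, rejected = filter_sets(SAMPLE_SETS, pinned)
    return {
        "pinned_issuer": pinned,
        "bad_stream_config_rejected": not stream_config_is_trusted(TRANSMITTER_CONFIG, STREAM_CONFIG_BAD),
        "accepted": accepted,
        "rejected": [jti for jti, _ in rejected],
    }


if __name__ == "__main__":
    for key, value in run_example().items():
        print(f"{key}: {value}")
```

The design point is that the issuer is pinned once, from the Transmitter Configuration the Receiver fetched itself, and every later artifact is compared to that pinned value rather than to whatever the previous artifact claimed; a trailing slash or a missing `iss` is treated as a mismatch, not normalized away.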