[VC Security & Trust Document] Improve description of holder binding
Issue #2012
wontfix
(Re “Cryptographic Holder Binding”)
Giuseppe De Marco
An evil RP may receive a presentation of a VC with a signed nonce and re-present the same VC, reusing the signed nonce, to another RP (may we say nonce-replay?).
I’ve assumed that the presentation response should be signed with the private key linked to the public one bound in the VC.
Comments (3)
reporter -
- changed component to VC Sec&Trust
- changed status to wontfix
Moving to new Repo under Digital Credentials Protocols WG
@Giuseppe De Marco Can you please expand on this comment made for the Security and Trust document? How would the replay work if we assume that the verifier always expects a new nonce to be signed?
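The assumption stated in the comment above (each verifier expects a new nonce of its own to be signed), as an added example that is not part of the issue thread or of any specification text. The `Verifier` class, `sign_presentation` and the sample credential are hypothetical, and HMAC is a stand-in for the holder's signature made with the private key whose public key is bound in the VC.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for the holder's signature: HMAC with a demo key.
# A real holder signs with the private key whose public key is bound in the
# VC, and the verifier checks the signature with that public key.
HOLDER_KEY = b"constructed-demo-holder-key"


def sign_presentation(vc: bytes, nonce: bytes) -> bytes:
    """Holder side: bind the presented VC to the nonce received from the RP."""
    message = len(vc).to_bytes(4, "big") + vc + nonce
    return hmac.new(HOLDER_KEY, message, hashlib.sha256).digest()


class Verifier:
    """RP that accepts only a nonce it issued itself, and only once."""

    def __init__(self, name: str):
        self.name = name
        self._pending = set()  # nonces issued and not yet consumed

    def new_nonce(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self._pending.add(nonce)
        return nonce

    def verify(self, vc: bytes, nonce: bytes, signature: bytes) -> str:
        if nonce not in self._pending:
            return "rejected: nonce not issued by this verifier or already used"
        self._pending.discard(nonce)  # single use, even if the signature fails
        if not hmac.compare_digest(sign_presentation(vc, nonce), signature):
            return "rejected: bad holder signature"
        return "accepted"


def demo():
    vc = b'{"constructed": "sample credential"}'
    rp_a, rp_b = Verifier("RP-A"), Verifier("RP-B")
    nonce_a = rp_a.new_nonce()
    sig = sign_presentation(vc, nonce_a)      # holder answers RP-A
    first = rp_a.verify(vc, nonce_a, sig)     # legitimate presentation
    rp_b.new_nonce()                          # RP-B expects its own nonce
    forwarded = rp_b.verify(vc, nonce_a, sig) # same presentation sent to RP-B
    again = rp_a.verify(vc, nonce_a, sig)     # same presentation sent twice
    return first, forwarded, again
```
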