[VC Security & Trust Document] Improve description of holder binding
Issue #2012
wontfix
(Re “Cryptographic Holder Binding”)
Giuseppe De Marco
An evil RP may receive a presentation of a VC with a signed nonce and re-present the same VC reusing the signed nonce to another RP (may we say nonce-reply?)
I’ve assumed that the presentation response should be signed with the private key linked to the public one binded in the VC.
Comments (3)
-
reporter
-
- changed component to VC Sec&Trust
-
- changed status to wontfix
Moving to new Repo under Digital Credentials Protocols WG
- Log in to comment
- Assignee
- Type
- Priority
- Status
- wontfix
- Component
- VC Sec&Trust
- Milestone
- –
- Version
- –
- Votes
- 0
- Watchers
- 1
@Giuseppe De Marco Can you please expand on this comment made for the Security and Trust document? How would the replay work if we assume that the verifier always expects a new nonce to be signed?