MODRNA Authentication Profile: Improving description in section 9 "Security Considerations"
Issue #60
resolved
The second part of the first paragraph said: "The signature allows the OP to authenticate and authorize the sender of the hint and prevent collecting of phone numbers by rogue clients".
It is not the signature which prevents collecting of phone numbers but the fact that the login_hint_token is encrypted. So I think the right sentence would be "The login_hint_token allows the OP ......"
Do you agree?
Comments (4)
-
-
- changed component to Authentication
-
- changed status to resolved
fixed
#60: Removed reference to "collecting phone numbers by rogue clients."→ <<cset 3a4f6acaa9dd>>
-
removed the passage about collecting phone numbers
- Log in to comment
I would just end the sentence after ... of the hint: "The signature allows the OP to authenicate the sender of the hint."