MODRNA Authentication Profile: Improving description in section 9 "Security Considerations"

Issue #60 resolved
Gonzalo Fernández created an issue

The second part of the first paragraph said: "The signature allows the OP to authenticate and authorize the sender of the hint and prevent collecting of phone numbers by rogue clients".

It is not the signature which prevents collecting of phone numbers but the fact that the login_hint_token is encrypted. So I think the right sentence would be "The login_hint_token allows the OP ......"

Do you agree?

Comments (4)

  1. Jörg Connotte

    I would just end the sentence after ... of the hint: "The signature allows the OP to authenicate the sender of the hint."

  2. Log in to comment