[Openid-specs-ab] Issue #1423: 7 How is the VC replay is being addressed? (openid/connect)
Nat
issues-reply at bitbucket.org
Wed Jan 26 13:44:16 UTC 2022
New issue 1423: 7 How is the VC replay is being addressed?
https://bitbucket.org/openid/connect/issues/1423/7-how-is-the-vc-replay-is-being-addressed
Nat Sakimura:
Section 7 talks about the presentation replay. However, it was not quite clear how the VC replay is being addressed from scanning the spec. It would help readers if it can be listed as a parallel to the presentation replay. Unless the VC itself is bound to the subject of the presentation via a subject identifier or a cryptographic proof or something like a nonce, it would seem trivially easy to replay, as VCs are potentially going to be presented to many places.
e.g., making a structure like:
7.1. Preventing Replay Attacks
7.1.1 Prevention of the presentation replay
7.1.2 Prevention of the VC replay