[Openid-specs-ab] Issue #1516: [OpenID4VP] Friendly MITM (openid/connect)
Kristina Yasuda
issues-reply at bitbucket.org
Thu Jun 2 20:11:39 UTC 2022
New issue 1516: [OpenID4VP] Friendly MITM
https://bitbucket.org/openid/connect/issues/1516/openid4vp-friendly-mitm
Kristina Yasuda:
Do we have a mechanism to prevent “friendly MITM“?
Verifier requested VP1, UserA does not have it, she forwards the entire request to the UserB. UserB creates a VP1 with correct nonce and audience and sends it back to UserA, UserA uses puts that VP1 inside a response and returns to the Verifier.
From the verifier perspective, all is good, right?
More information about the Openid-specs-ab
mailing list