<div dir="ltr"><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><span style="background-color:rgb(242,242,242);color:rgba(0,0,0,0.9);font-family:-apple-system,system-ui,system-ui,"Segoe UI",Roboto,"Helvetica Neue","Fira Sans",Ubuntu,Oxygen,"Oxygen Sans",Cantarell,"Droid Sans","Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Lucida Grande",Helvetica,Arial,sans-serif;font-size:14px;white-space:pre-wrap">I have a fundamental problem with </span><span style="font-family:"Noto Sans",Arial,Helvetica,sans-serif">OpenID for Verifiable Presentations over BLE flow diagrams.</span></div><div>It seems that the user wallet identifies itself to the verifier before the user knows the identifier of the verifier.</div><div>There is a statement about the advertisement "5.2 <span style="font-family:"Noto Sans",Arial,Helvetica,sans-serif;font-size:14px">The QR Code contains the name and the ephemeral public key of the Verifier."</span></div><div>Is the presumption that the physical context of the QR code is sufficient?.</div><div>It seems that anyone could go about pasting QR codes in any place that lead to attack sites.</div><div><br></div><div>I am creating some BLE code to see if section 5.1 is any better. It is not clear from the docs that i have what information is in the ad.</div><div><span style="background-color:rgb(242,242,242);color:rgba(0,0,0,0.9);font-family:-apple-system,system-ui,system-ui,"Segoe UI",Roboto,"Helvetica Neue","Fira Sans",Ubuntu,Oxygen,"Oxygen Sans",Cantarell,"Droid Sans","Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Lucida Grande",Helvetica,Arial,sans-serif;font-size:14px;white-space:pre-wrap"> </span>..tomj</div></div></div></div><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Apr 25, 2023 at 4:37 AM Torsten Lodderstedt via Openid-specs-ab <<a href="mailto:openid-specs-ab@lists.openid.net">openid-specs-ab@lists.openid.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<div name="messageBodySection">
<div dir="auto">Hi all, <br>
<br>
the initial revision of the OpenID for Verifiable Presentations over BLE draft is now available <a href="https://openid.bitbucket.io/connect/openid-4-verifiable-presentations-over-ble-1_0.html" target="_blank">https://openid.bitbucket.io/connect/openid-4-verifiable-presentations-over-ble-1_0.html</a>.<br>
<br>
Please review the specification and give feedback either here on the list or through issues at <a href="https://bitbucket.org/openid/connect/issues?status=new&status=open&status=submitted&is_spam=!spam" target="_blank">https://bitbucket.org/openid/connect/issues?status=new&status=open&status=submitted&is_spam=!spam</a>. <br>
<br>
Thanks in advance, <br>
Torsten. </div>
</div>
</div>
_______________________________________________<br>
Openid-specs-ab mailing list<br>
<a href="mailto:Openid-specs-ab@lists.openid.net" target="_blank">Openid-specs-ab@lists.openid.net</a><br>
<a href="https://lists.openid.net/mailman/listinfo/openid-specs-ab" rel="noreferrer" target="_blank">https://lists.openid.net/mailman/listinfo/openid-specs-ab</a><br>
</blockquote></div>