[Openid-specs-risc] openid/sharedsignals: Comment created on issue 257
github at oidf.org
github at oidf.org
Tue May 13 21:37:28 UTC 2025
openid/sharedsignals event
Issue Comment created on issue 257
Issue Title: Preventing replay attacks in PUSH streams
https://github.com/openid/sharedsignals/issues/257
Comment: This is why it is necessary for the Receiver to check the `aud` claim in the SET. In your example, the SET sent to the malicious receiver would not have the correct `aud` value for the attacked receiver. So the attacked receiver should reject the SET when it arrives.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-risc/attachments/20250513/b9ee0364/attachment.htm>
More information about the Openid-specs-risc
mailing list