screenshot... Hans.
On Fri, Nov 8, 2019 at 2:13 PM Denis <denis.i...@free.fr> wrote:

> Hello Hans,
>
> You wrote:
>
> one client can always share the protected data with another client once
> retrieved, regardless of pop or secure elements
>
> No, there exist means that prevent a client from sharing the protected data
> with another client, simply because the client cannot access it.
> The protected data is placed inside the secure element and thus a client
> has no way to extract it for the benefit of another client.
>
> The protected data is used by the secure element in such a way that it
> cannot be used for the benefit of another user.
>
> But we are already in the field of the solutions and no more in the field
> of the requirements.
>
> Denis
>
>
> Hans.
>
> On Fri, Nov 8, 2019 at 8:38 AM Denis <denis.i...@free.fr> wrote:
>
>> Daniel,
>>
>> No. It is not a correct summary. One client can allow another client to
>> get an access token that belongs to it.
>> The key point is that a software-only solution can't prevent this
>> collaborative attack and since, at this time,
>> the OAuth WG is not considering the use of secure elements, the attack
>> cannot be countered.
>>
>> Please have a look at:
>> https://www.ietf.org/mail-archive/web/oauth/current/msg16767.html
>>
>> Denis
>>
>>
>> Hi Denis,
>>
>> On 07.11.19 at 09:16, Denis wrote:
>>
>>
>> *Whatever kind of cryptography is being used, when two users
>> collaborate, a software-only solution will be unable to prevent the
>> transmission of an attribute of a user that possesses it to another
>> user that does not possess it.*
>>
>> To stay in OAuth lingo, what you are saying is: Two collaborating clients
>> can exchange their access tokens and use them.
>>
>> Is that a correct summary of your attack?
>>
>> -Daniel
>>
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
>>
>
> --
> hans.zandb...@zmartzone.eu
> ZmartZone IAM - www.zmartzone.eu
>

--
hans.zandb...@zmartzone.eu
ZmartZone IAM - www.zmartzone.eu