Skip to content

Request for clarification on the usage of Domain and Challenge Parameters #339

New issue
New issue
Open
Open
Request for clarification on the usage of Domain and Challenge Parameters#339
Labels
futuresecurity-trackerGroup bringing to attention of security, or tracked by the security Group but not needing response.
@Sh-Amir

Description

@Sh-Amir
Sh-Amir
opened on Apr 15, 2025

This issue refers to the security review requested at w3c/security-request/#55.

In Section 2.1, I would recommend providing additional information or changing the wordings regarding the usage of "Domain" and "Challenge" parameters to better highlight the scenarios in which their usage becomes mandatory. I do agree that not all use cases demand replay protection, but it would be nice to make this explicit by providing examples or adding a note to better highlight this aspect.

Metadata

Metadata

Assignees

No one assigned

    Labels

    futuresecurity-trackerGroup bringing to attention of security, or tracked by the security Group but not needing response.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions