litepub.social

Website of https://litepub.social/
commit: b6e4cb96ef44c291a0480aacbd1a3318854d3313
parent b62dc97a011f164cfebc0da7863fd9020a3721bc
Author: William Pitcock <nenolod@dereferenced.org>
Date:   Fri, 12 Apr 2019 23:40:28 -0500

lice: add a note about fake direction attacks

Diffstat:

M lice.md | 12 ++++++++++++
1 file changed, 12 insertions(+), 0 deletions(-)

diff --git a/lice.md b/lice.md @@ -255,3 +255,15 @@ content that was not authorized by the granting server. Implementations SHOULD include key properties of the child object when generating a proof object, such as `content`, `name`, `summary` and `attachment`. + + +## Fake Direction Spoofing + +A malicious server could present a proof object using a third-party domain or third-party +actor. + +Implementations SHOULD verify that the proof object is created by the same actor which +created the content being interacted with. + +Implementations SHOULD verify that the proof object is at the same domain as the object +being interacted with.
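Review bot: The two SHOULD requirements that close the new "Fake Direction Spoofing" section do not say what is compared, so two implementations can both follow the text and still disagree on whether a given proof object is acceptable. For the "same actor" check, name the properties on the proof object and on the content whose values must match. For the "same domain" check, state how the domain is derived from each object (for example, the host component of each object's identifier) and whether scheme and port are part of the comparison. The first paragraph would also be clearer if it said what the domain or actor is third-party relative to, namely the object being interacted with and its author. Finally, since the section describes accepting such a proof as the attack itself, consider MUST for both checks, or add a sentence on when an implementation may reasonably skip them.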