Skip to content

Commit

Permalink
Clarify the role of verifiers in preventing replay attacks.
Browse files Browse the repository at this point in the history
Co-authored-by: Manu Sporny <msporny@digitalbazaar.com>
Co-authored-by: Dave Longley <dlongley@digitalbazaar.com>
Co-authored-by: Ted Thibodeau Jr <tthibodeau@openlinksw.com>
  • Loading branch information
4 people authored Aug 24, 2024
1 parent 8477ab2 commit d9f108f
Showing 1 changed file with 16 additions and 5 deletions.
21 changes: 16 additions & 5 deletions index.html
Original file line number Diff line number Diff line change
Expand Up @@ -6009,12 +6009,23 @@ <h4>Replay Attack</h4>
<p>
A [=verifier=] might wish to ensure that a [=verifiable presentation=] is
not used more than a certain number of times. For example, a [=verifiable
credential=] representing an event ticket, might allow entry to multiple
credential=] representing an event ticket might allow entry to multiple
individuals if presented multiple times, undermining the purpose of the ticket
from the perspective of its issuer. To prevent against such attacks,
[=holders=] can make use of techniques such as including a
<a href="https://en.wikipedia.org/wiki/Cryptographic_nonce">nonce</a> during
presentation, or adding an expiry timestamp to reduce the window of attack.
from the perspective of its [=issuer=]. To prevent such replay attacks,
[=verifiers=] require [=holders=] to include additional security measures
in their [=verifiable presentations=]. Examples include the following:
<ul>
<li>
A <a href="https://en.wikipedia.org/wiki/Challenge%E2%80%93response_authentication">challenge</a>
provided by the [=verifier=], which the [=holder=] incorporates into
a [=verifiable presentation=]. The [=verifier=] enforces challenge
uniqueness to prevent replay attacks.
</li>
<li>
A <a href="#validity-period">validity period</a>, limiting the window
during which the [=verifiable presentation=] is valid.
</li>
</ul>
</p>
<h4>Spoofing Attack</h4>

Expand Down

0 comments on commit d9f108f

Please sign in to comment.