You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It's not clear to me what the question is here. Is the concern that we don't think session identifiers need to exist or that we don't believe they need to have cryptographic requirements around them?
#1
Open
Duke-1y opened this issue
Jul 20, 2023
· 0 comments
It's not clear to me what the question is here. Is the concern that we don't think session identifiers need to exist or that we don't believe they need to have cryptographic requirements around them?
There is a way that we could achieve the same security requirements by binding the session to the origin it's connected to and have the wallet maintain an internal mapping where it checks every session identifier is being used by the correct origin. Then the cryptographic requirements wouldn't be necessary since we'd achieve the security in a different way.
In theory this is actually a more secure design because these session identifiers are capability objects theoretically could be stolen to conduct a session hijacking attack to bypass permissions. The advantage to the cryptographic requirement though is that you can delegate the session permissions to a first/third party iframe which may be useful. In general, I've leaned towards not wanting to allow cross origin sharing of information because it can lead to cross origin tracking and other unexpected privacy and security violations, so maybe it's better that we don't actually use a cryptographic entropy requirement and instead require the wallet to maintain state connecting the origin to the session identifier?
It's not clear to me what the question is here. Is the concern that we don't think session identifiers need to exist or that we don't believe they need to have cryptographic requirements around them?
There is a way that we could achieve the same security requirements by binding the session to the origin it's connected to and have the wallet maintain an internal mapping where it checks every session identifier is being used by the correct origin. Then the cryptographic requirements wouldn't be necessary since we'd achieve the security in a different way.
In theory this is actually a more secure design because these session identifiers are capability objects theoretically could be stolen to conduct a session hijacking attack to bypass permissions. The advantage to the cryptographic requirement though is that you can delegate the session permissions to a first/third party iframe which may be useful. In general, I've leaned towards not wanting to allow cross origin sharing of information because it can lead to cross origin tracking and other unexpected privacy and security violations, so maybe it's better that we don't actually use a cryptographic entropy requirement and instead require the wallet to maintain state connecting the origin to the session identifier?
Originally posted by @kdenhartog in ChainAgnostic/CAIPs#228 (comment)
The text was updated successfully, but these errors were encountered: