How can clients verify that a device they're interacting with is compliant? #385
Labels
needs discussion
privacy-tracker
Group bringing to attention of Privacy, or tracked by the Privacy Group but not needing response.
Profile-1.0
Comments
pes10k
added
the
privacy-tracker
|
again cc @NalaGinrut (though please let me know if i can help with discussion or handling this issue) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This issue is being filed as part of the requested PING review, and on behalf of @NalaGinrut who did the review (who i hope will correct me if I've misstated their concerns).
The spec currently states that
However, its not clear how a client could verify that a TD is compliant and honest in its claims. What methods can a client, for example, use to ensure a device they're interacting with isn't being deceptive or malicious? If thats not possible, we think its important to say so explicitly in the security and privacy considerations section (i.e., that the protections require honesty, and are not robust to malicious/dishonest devices/participants)
The text was updated successfully, but these errors were encountered: