
Is there a nonce relay vulnerability here? You try to verify your email with site A. Site A starts an email verification with site B. Site B sends a nonce to A, A relays the nonce to the user. The user generates the proof, sends it to A. Then A sends it to B.


Step 5.2; the browser binds the KB-JWT to the site it's on, so Site A would receive a JWT that is only valid for Site A.
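The audience binding described in the reply above, as an added sketch that is not part of the thread or of the protocol's own code: the browser writes the page's origin into the token, so a proof produced on Site A fails verification at Site B even when the nonce is B's. The claim names `aud` and `nonce`, the HS256 shared key standing in for the browser's signing key, and the origins and nonce value are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

# Assumption: HS256 with a constructed key stands in for the browser's key pair.
BROWSER_KEY = b"constructed-demo-key"

def browser_make_kb_jwt(page_origin: str, nonce: str) -> str:
    """Browser side: `aud` is the origin of the page, not a value the site picks."""
    header = b64u(json.dumps({"alg": "HS256", "typ": "kb+jwt"}).encode())
    body = b64u(json.dumps({"aud": page_origin, "nonce": nonce}).encode())
    sig = hmac.new(BROWSER_KEY, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64u(sig)}"

def site_verify(token: str, my_origin: str, issued_nonce: str) -> str:
    """Verifying-site side: returns 'ok' or the reason for rejection."""
    try:
        header, body, sig = token.split(".")
        claims = json.loads(b64u_dec(body))
        got = b64u_dec(sig)
    except (ValueError, TypeError):
        return "malformed"
    if not isinstance(claims, dict):
        return "malformed"
    want = hmac.new(BROWSER_KEY, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(want, got):
        return "bad signature"
    if claims.get("aud") != my_origin:  # the check that stops the relay
        return "wrong audience"
    if not hmac.compare_digest(str(claims.get("nonce", "")).encode(), issued_nonce.encode()):
        return "wrong nonce"
    return "ok"

def relay_scenario() -> dict:
    """Site A relays Site B's nonce; the user's browser is on Site A."""
    nonce_from_b = "n-7f3a"  # constructed sample nonce issued by B
    token = browser_make_kb_jwt("https://site-a.example", nonce_from_b)
    return {
        "site_b": site_verify(token, "https://site-b.example", nonce_from_b),
        "site_a": site_verify(token, "https://site-a.example", nonce_from_b),
    }
```
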



