Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Poll endpoint should require authorization #208

Open
FragLegs opened this issue Sep 24, 2024 · 0 comments
Open

Poll endpoint should require authorization #208

FragLegs opened this issue Sep 24, 2024 · 0 comments
Labels
spec:SSF v1Final Issues that must be fixed before we propose a spec to become a v1 final spec.

Comments

@FragLegs
Copy link
Contributor

The second recommendation from the final security audit:

As we note in Section 2.6, poll endpoint URLs
are not required to be secret, i.e., SETs could be requested by any party. For use cases requiring
confidentiality of SETs, we recommend mandating authorization at the poll endpoint.
@FragLegs FragLegs added v1Final Issues that must be fixed before we propose a spec to become a v1 final spec. spec:SSF labels Jan 24, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
spec:SSF v1Final Issues that must be fixed before we propose a spec to become a v1 final spec.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@FragLegs