Bug #190
RefreshAddress not checked for same origin
Start date: 03/21/2013
% Done: 0%
Description
The certificate obtained from the TLS connection used to retrieve the TCToken must be used to validate the RefreshAddress. This is currently not the case.
The relevant section in the eCard API (Part 7) is 3.4.5.
History
Updated by Tobias Wich almost 8 years ago
- Target version changed from 1.0.1 to 1.0.2
Issue needs further investigation because the "Same origin" check is dependent on information from EAC, which is only available when the nPA is used.
Updated by Tobias Wich over 7 years ago
- Status changed from New to Review
- Reviewer set to Tobias Wich