2.7.4 is hard to understand #2575

Open
tghosth opened this issue Feb 6, 2025 · 5 comments
Labels: 4) proposal for review, V2, _5.0 - prep

Comments

tghosth (Collaborator) commented Feb 6, 2025

2.7.4:

[GRAMMAR] Verify that the secondary communications channel being used is secure and independent of the primary channel.

tghosth (Collaborator, Author) commented Feb 6, 2025

@elarlang feels like it is not in scope.

I think we need to look at the context to see whether it needs clarifying or rewording.

tghosth self-assigned this Feb 6, 2025
tghosth added the labels 1) Discussion ongoing, _5.0 - prep, V2 on Feb 6, 2025

tghosth (Collaborator, Author) commented Feb 9, 2025

So I think this is in scope because it is basically saying you have to send OTPs or push notifications via a secure channel. I would suggest that this is not something you are implementing as such but rather how you choose a solution.

I would suggest rewording to:

"[GRAMMAR] Verify that the out of band verification (for example a code or a push notification) is sent via a secure channel which is separate to the application's primary communication mechanism."

@elarlang what do you think?

tghosth added the label 4) proposal for review and removed the label 1) Discussion ongoing on Feb 9, 2025

elarlang (Collaborator) commented Feb 9, 2025

How do I need to test this requirement? (Is it verifiable?) What does it give extra to what is covered in the V9 requirements?

tghosth (Collaborator, Author) commented Feb 9, 2025

Enquiry/document review based testing.

However, the real problem I have with this is, is email a secure channel? Is SMS a secure channel?

jmanico (Member) commented Feb 9, 2025 via email
