Re: [webpayments] Should we be concerned about the use of the Browser API in a non-HTTPS environment? (#20) from Manu Sporny on 2015-12-02 (public-payments-wg@w3.org from December 2015)

From: Manu Sporny <notifications@github.com>
Date: Tue, 01 Dec 2015 20:39:07 -0800
To: w3c/webpayments <webpayments@noreply.github.com>
Message-ID: <w3c/webpayments/issues/20/161178460@github.com>

> Should the Browser API be restricted to HTTPS-only environments?

Yes, we want the attack surface as small as we can make it while delivering on the important use cases. I can't think of an advantage that HTTP-only brings other than a potential reduction in cost for buying an HTTPS certificate (and hopefully that's going away soon w/ Let's Encrypt).

---
Reply to this email directly or view it on GitHub:
https://github.com/w3c/webpayments/issues/20#issuecomment-161178460

Received on Wednesday, 2 December 2015 04:39:41 UTC