- From: Shane McCarron <notifications@github.com>
- Date: Wed, 02 Dec 2015 07:50:36 -0800
- To: w3c/webpayments <webpayments@noreply.github.com>
Received on Wednesday, 2 December 2015 15:52:08 UTC
I think consumers are becoming more aware of the little lock icon in the location bar. They WANT things to be "secure", even as they don't really know what that means. So yes, require HTTPS. Why not? On Tue, Dec 1, 2015 at 10:39 PM, Manu Sporny <notifications@github.com> wrote: > Should the Browser API be restricted to HTTPS-only environments? > > Yes, we want the attack surface as small as we can make it while > delivering on the important use cases. I can't think of an advantage that > HTTP-only brings other than a potential reduction in cost for buying an > HTTPS certificate (and hopefully that's going away soon w/ Let's Encrypt). > > — > Reply to this email directly or view it on GitHub > <https://github.com/w3c/webpayments/issues/20#issuecomment-161178460>. > -- Shane McCarron halindrome@gmail.com --- Reply to this email directly or view it on GitHub: https://github.com/w3c/webpayments/issues/20#issuecomment-161341321
Received on Wednesday, 2 December 2015 15:52:08 UTC