- From: ianbjacobs <notifications@github.com>
- Date: Wed, 09 Dec 2015 09:58:59 -0800
- To: w3c/webpayments <webpayments@noreply.github.com>
Received on Wednesday, 9 December 2015 17:59:32 UTC
I hear @adrianhopebailie (and perhaps others) saying "If it's meant to be encrypted, the Web app and the Payment app will both do what's necessary." This sounds about right if the Web app and the payment app are the endpoints, and they can encrypt and decrypt the message data. The spec probably *should* say that the Web application and the payment app SHOULD secure message data. Aside: The flow diagrams could aid us in seeing whether there are steps in the transaction where the messages must be secured. It also sounds like we would want to advise those who want to do encryption to at least consider using the W3C WebCrypto spec (as an informative reference): http://www.w3.org/TR/WebCryptoAPI/ I do not have any sense yet that a stronger requirement to use WebCrypto for all encryption is appropriate. --- Reply to this email directly or view it on GitHub: https://github.com/w3c/webpayments/issues/20#issuecomment-163340651
Received on Wednesday, 9 December 2015 17:59:32 UTC