- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Fri, 27 Feb 2015 10:44:47 +0100
- To: "public-webpayments-comments@w3.org" <public-webpayments-comments@w3.org>
If you pay in a shop using your "Carte Bancaire" (I'm in France) you put the card in a terminal provided by a certified vendor of trusted payment terminals, right? That is, the card is never directly exposed to potentially malicious merchant code. Now if you rather go to the Web, you'll find that the entire concept "Trusted Code" is missing! Strong authentication to specific domains (like U2F) compensate for this deficiency at the expense of user experience and limited flexibility when it comes to provider selection. - Anders
Received on Friday, 27 February 2015 09:45:26 UTC