Re: [w3c/webpayments-payment-apps-api] Should origin information (about the payment request) be shared with the payment app? (#27) from Jeff Burdges on 2016-08-17 (public-webpayments-specs@w3.org from August 2016)

From: Jeff Burdges <notifications@github.com>
Date: Wed, 17 Aug 2016 16:48:56 -0700
To: w3c/webpayments-payment-apps-api <webpayments-payment-apps-api@noreply.github.com>
Message-ID: <w3c/webpayments-payment-apps-api/issues/27/240583810@github.com>

I've likely missed some relevant conversations, but the payment app learning the recipient sounds fine in principle.  It should not learn this until the users picks it thought the payment mediator of course. 

There might be interesting payment apps where controlling this information could be a selling point, but mostly that sounds like BitCoin or Zerocoin space stuff, like maybe your private keys remain air gapped or something. 

It's generally false however that users should trust their payment app, especially if it's web based.  There are obviously going to be malicious web based payment apps that trick the user into installing them for various nefarious purposes. 

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/webpayments-payment-apps-api/issues/27#issuecomment-240583810

Received on Wednesday, 17 August 2016 23:49:32 UTC