- From: Manu Sporny <notifications@github.com>
- Date: Thu, 16 Jun 2016 08:46:33 -0700
- To: w3c/browser-payment-api <browser-payment-api@noreply.github.com>
- Cc:
Received on Thursday, 16 June 2016 15:47:14 UTC
> So merchants should check the response. How do merchants know the response wasn't tampered with in transit? That is, if we're putting the total in there so the merchants can feel safe that the amount requested was the amount paid (and we have no MiTM protection on totalAmount), doesn't that defeat the purpose of including the value in the response? --- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/browser-payment-api/issues/215#issuecomment-226526853
Received on Thursday, 16 June 2016 15:47:14 UTC