Discussed on 30 January [1]. My sense from the call is that we should replace this vague language with very specific language about concrete dependencies. Keyur pointed out that "cardNumber" is really supposed to refer to piece of data specified in an EMVCo specification, whereas "cryptogram" may be variable, depending on authentication method. One suggestion was that the spec could articulate a high level goal of providing security at least as strong as what is expected from EMVCo specifications. [1] https://www.w3.org/2018/01/30-wpwg-minutes#item02 -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/webpayments-methods-tokenization/issues/28#issuecomment-361683968
Received on Tuesday, 30 January 2018 18:14:09 UTC