I think consumers are becoming more aware of the little lock icon in the location bar. They WANT things to be "secure", even as they don't really know what that means. So yes, require HTTPS. Why not? On Tue, Dec 1, 2015 at 10:39 PM, Manu Sporny <notifications@github.com> wrote: > Should the Browser API be restricted to HTTPS-only environments? > > Yes, we want the attack surface as small as we can make it while > delivering on the important use cases. I can't think of an advantage that > HTTP-only brings other than a potential reduction in cost for buying an > HTTPS certificate (and hopefully that's going away soon w/ Let's Encrypt). > > — > Reply to this email directly or view it on GitHub > <https://github.com/w3c/webpayments/issues/20#issuecomment-161178460>. > -- Shane McCarron halindrome@gmail.com --- Reply to this email directly or view it on GitHub: https://github.com/w3c/webpayments/issues/20#issuecomment-161341321Received on Wednesday, 2 December 2015 15:52:08 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 16:43:12 UTC