Re: [webpayments] Should we be concerned about the use of the Browser API in a non-HTTPS environment? (#20)

I think consumers are becoming more aware of the little lock icon in the
location bar.  They WANT things to be "secure", even as they don't really
know what that means.  So yes, require HTTPS.  Why not?

On Tue, Dec 1, 2015 at 10:39 PM, Manu Sporny <>

> Should the Browser API be restricted to HTTPS-only environments?
> Yes, we want the attack surface as small as we can make it while
> delivering on the important use cases. I can't think of an advantage that
> HTTP-only brings other than a potential reduction in cost for buying an
> HTTPS certificate (and hopefully that's going away soon w/ Let's Encrypt).
> —
> Reply to this email directly or view it on GitHub
> <>.

Shane McCarron

Reply to this email directly or view it on GitHub:

Received on Wednesday, 2 December 2015 15:52:08 UTC