W3C home > Mailing lists > Public > public-payments-wg@w3.org > December 2015

Re: [webpayments] Should we be concerned about the use of the Browser API in a non-HTTPS environment? (#20)

From: Shane McCarron <notifications@github.com>
Date: Wed, 02 Dec 2015 07:50:36 -0800
To: w3c/webpayments <webpayments@noreply.github.com>
Message-ID: <w3c/webpayments/issues/20/161341321@github.com>
I think consumers are becoming more aware of the little lock icon in the
location bar.  They WANT things to be "secure", even as they don't really
know what that means.  So yes, require HTTPS.  Why not?

On Tue, Dec 1, 2015 at 10:39 PM, Manu Sporny <notifications@github.com>

> Should the Browser API be restricted to HTTPS-only environments?
> Yes, we want the attack surface as small as we can make it while
> delivering on the important use cases. I can't think of an advantage that
> HTTP-only brings other than a potential reduction in cost for buying an
> HTTPS certificate (and hopefully that's going away soon w/ Let's Encrypt).
> —
> Reply to this email directly or view it on GitHub
> <https://github.com/w3c/webpayments/issues/20#issuecomment-161178460>.

Shane McCarron

Reply to this email directly or view it on GitHub:
Received on Wednesday, 2 December 2015 15:52:08 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 16:43:12 UTC