Re: [webpayments] Should we be concerned about the use of the Browser API in a non-HTTPS environment? (#20) from Adrian Hope-Bailie on 2015-12-09 (public-payments-wg@w3.org from December 2015)

From: Adrian Hope-Bailie <notifications@github.com>
Date: Wed, 09 Dec 2015 01:51:22 -0800
To: w3c/webpayments <webpayments@noreply.github.com>
Message-ID: <w3c/webpayments/issues/20/163166070@github.com>

>So +1 for enabling parts of Web Payments messages to be encrypted (like card tokens). -1 for requiring any top-level Web Payments messages to be encrypted (like payment responses).

Strong +1 

Data in messages will be encrypted or signed as defined by the payment method.
The payments browser API should only be available in a secure context.

---
Reply to this email directly or view it on GitHub:
https://github.com/w3c/webpayments/issues/20#issuecomment-163166070

Received on Wednesday, 9 December 2015 09:51:58 UTC