W3C home > Mailing lists > Public > public-payments-wg@w3.org > December 2015

Re: [webpayments] Should we be concerned about the use of the Browser API in a non-HTTPS environment? (#20)

From: Adrian Hope-Bailie <notifications@github.com>
Date: Wed, 09 Dec 2015 01:51:22 -0800
To: w3c/webpayments <webpayments@noreply.github.com>
Message-ID: <w3c/webpayments/issues/20/163166070@github.com>
>So +1 for enabling parts of Web Payments messages to be encrypted (like card tokens). -1 for requiring any top-level Web Payments messages to be encrypted (like payment responses).

Strong +1 

Data in messages will be encrypted or signed as defined by the payment method.
The payments browser API should only be available in a secure context.

Reply to this email directly or view it on GitHub:
Received on Wednesday, 9 December 2015 09:51:58 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 16:43:12 UTC