- From: ianbjacobs <notifications@github.com>
- Date: Wed, 09 Dec 2015 10:28:16 -0800
- To: w3c/webpayments <webpayments@noreply.github.com>
Received on Wednesday, 9 December 2015 18:29:10 UTC
As mentioned on a separate thread, I think W3C WebCrypto [1] is relevant here but I don't know whether it meets all our needs. As the spec is fleshed out we'll know more.

@adrianhopebailie asked: "What happens if my UA has been compromised and whenever I get a payment request the merchant details are changed so my payment goes to the wrong person?"

It seems to me that, like other topics, Web apps and payment apps can determine the degree of security they wish to guarantee. Some apps will use signatures, I assume, and perhaps they will distinguish themselves in the market by doing so. We make it easier to do through the WebCrypto API. Thus, in the spec we can call this as a "Security Consideration".

Ian

[1] http://www.w3.org/TR/WebCryptoAPI/

---
Reply to this email directly or view it on GitHub: https://github.com/w3c/webpayments/issues/19#issuecomment-163349826