Re: [webpayments] How are third-party native wallets integrated? (#42) from Håvard Molland on 2016-02-19 (public-payments-wg@w3.org from February 2016)

From: Håvard Molland <notifications@github.com>
Date: Fri, 19 Feb 2016 04:52:30 -0800
To: w3c/webpayments <webpayments@noreply.github.com>
Cc: webpayments <public-payments-wg@w3.org>
Message-ID: <w3c/webpayments/issues/42/186203042@github.com>

@rsolomakhin : That's great. There is one other obstacle though (which is Chromium specific, so not sure how much that should affect this group). Chromium does not currently do EV evaluation on Android. I believe one reason is that Android lacks revocation support (Chromium uses the OS to evaluate the cert). Revocation support is required for EV sites so that the CA can revoke the site's EV status. Chromium on desktop supports revocation checking of EV certs for that  [reason](https://www.chromium.org/Home/chromium-security/security-faq#TOC-What-s-the-story-with-certificate-revocation-). I believe this could be added as an extra check in the Chromium code after Android has evaluated the cert. It might also be possible that it will be added to the new certificate verification library that is currently being [developed](https://bugs.chromium.org/p/chromium/issues/detail?id=410574#c45).  But that needs to be discussed with the Chromium network team. 

---
Reply to this email directly or view it on GitHub:
https://github.com/w3c/webpayments/issues/42#issuecomment-186203042

Received on Friday, 19 February 2016 12:53:04 UTC