- From: Adam Roach <abr@mozilla.com>
- Date: Sat, 9 Jul 2016 09:16:10 +0100
- To: Adrian Hope-Bailie <adrian@hopebailie.com>, Payments WG <public-payments-wg@w3.org>
Received on Saturday, 9 July 2016 08:16:44 UTC
On 7/9/16 08:52, Adrian Hope-Bailie wrote: > It would however prevent sniffing data from this channel Before we add this complication, I think I'd want an existence proof of some method whereby an attacker could inject himself in a way that would perform passive interception without also allowing active tampering. At first blush, it seems like it's adding the illusion of increased security without actually making things better. > Note: I'm leaving talk of a more sophisticated solution where the keys > are bound to the merchant and can be verified by the payment app to > another discussion, there was a decent size group of volunteers in > London interested in exploring that topic. This seems more worthwhile. -- Adam Roach Principal Platform Engineer Office of the CTO
Received on Saturday, 9 July 2016 08:16:44 UTC