- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Fri, 18 Nov 2016 12:08:01 +0100
- To: Rouslan Solomakhin <rouslan@google.com>
- Cc: Web Payments Working Group <public-payments-wg@w3.org>, "Hackett, Conor" <Conor.Hackett@worldpay.com>, ์๋์ฐ <dw.im@samsung.com>
On 2016-11-18 11:56, Rouslan Solomakhin wrote: > Some Android payment apps would like an extra level of protection by manually > checking website certificates against their own list of CAs instead of trusting the OS or the browser. I see. Personally I think this represents a weird trust model. It it easier understanding the scheme used in Apple Pay where merchant certificates (IIUC...) are unrelated to Web sites. Anders > > On Nov 18, 2016 5:53 AM, "Anders Rundgren" <anders.rundgren.net@gmail.com <mailto:anders.rundgren.net@gmail.com>> wrote: > > On 2016-11-16 14:18, Hackett, Conor wrote: > <snip> > > ยท Samsung has proposed several improvements to this spec that not yet in doc: > > o Pass merchants certificate to the payment app > > > Could somebody elaborate a bit on this? It sounds like a major (and promising) > departure from Android intents. > > Anders > > >
Received on Friday, 18 November 2016 11:08:46 UTC