Re: Overview of Payment App dev call Nov 14th, 2016

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Fri, 18 Nov 2016 12:08:01 +0100
To: Rouslan Solomakhin <rouslan@google.com>
Cc: Web Payments Working Group <public-payments-wg@w3.org>, "Hackett, Conor" <Conor.Hackett@worldpay.com>, 임동우 <dw.im@samsung.com>
Message-ID: <e54813eb-6ab9-531e-12a0-83adce6a2b0d@gmail.com>
On 2016-11-18 11:56, Rouslan Solomakhin wrote:
> Some Android payment apps would like an extra level of protection by manually
> checking website certificates against their own list of CAs instead of trusting the OS or the browser.

I see.  Personally I think this represents a weird trust model.  It is easier to understand
the scheme used in Apple Pay where merchant certificates (IIUC...) are unrelated to Web sites.

Anders

>
> On Nov 18, 2016 5:53 AM, "Anders Rundgren" <anders.rundgren.net@gmail.com> wrote:
>
>     On 2016-11-16 14:18, Hackett, Conor wrote:
>     <snip>
>
>         ·         Samsung has proposed several improvements to this spec that are not yet in doc:
>
>         o   Pass merchant's certificate to the payment app
>
>
>     Could somebody elaborate a bit on this?  It sounds like a major (and promising)
>     departure from Android intents.
>
>     Anders
>
>
>
Received on Friday, 18 November 2016 11:08:46 UTC
