Merchant certs can still be used but that would be defined per payment method. It's overly complex to try and do this at the top level. ApplePay is a payment method under this system so I think this works On 18 November 2016 at 20:08, Anders Rundgren <anders.rundgren.net@gmail.com > wrote: > On 2016-11-18 11:56, Rouslan Solomakhin wrote: > >> Some Android payment apps would like an extra level of protection by >> manually >> > > checking website certificates against their own list of CAs instead of > trusting the OS or the browser. > > I see. Personally I think this represents a weird trust model. It it > easier understanding > the scheme used in Apple Pay where merchant certificates (IIUC...) are > unrelated to Web sites. > > Anders > > > >> On Nov 18, 2016 5:53 AM, "Anders Rundgren" <anders.rundgren.net@gmail.com >> <mailto:anders.rundgren.net@gmail.com>> wrote: >> >> On 2016-11-16 14:18, Hackett, Conor wrote: >> <snip> >> >> ยท Samsung has proposed several improvements to this spec >> that not yet in doc: >> >> o Pass merchants certificate to the payment app >> >> >> Could somebody elaborate a bit on this? It sounds like a major (and >> promising) >> departure from Android intents. >> >> Anders >> >> >> >> > >
Received on Friday, 18 November 2016 15:44:06 UTC