Re: Payment App spec implementations

On 03/10/2017 12:02 PM, Steve Sommers wrote:
> Not meaning to be a stick in the mud but I’ve been monitoring this
> thread from the shadows and this thread as well as a related thread
> from Tommy about complexity and I was wondering if anyone else has
> concerns about the complexity. I am a firm believer that the more
> complex a process, the chances of vulnerabilities increase
> exponentially -- this seems very complex.
> Has anyone stepped back and reevaluated the problem to see if there
> is a simpler, less complex solution?

Well, the less complex solution is getting this implemented directly in
browsers. There may, of course, be a less complex way to write a
polyfill; we've only just begun this discussion. But we should keep in
mind that it's a polyfill -- so by it's nature it is isn't meant to last
forever and is a degraded form of what browsers will eventually
implement natively.

Dave Longley
Digital Bazaar, Inc.

Received on Friday, 10 March 2017 17:09:12 UTC