- From: Anders Rundgren <notifications@github.com>
- Date: Wed, 29 Mar 2017 23:44:55 -0700
- To: w3c/webpayments <webpayments@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Thursday, 30 March 2017 06:45:27 UTC
@mgiuca > Are you suggesting that Web Payments shouldn't need to verify the payment app because additional verification would take place while completing the payment flow? What I'm saying is that the potential problem is (or should be at least) addressed during payment credential enrollment which is out of scope for this WG as far as I can tell. That is, banks do not want to deploy their precious keys in arbitrary apps which is why Android provides isolation features like: https://developer.android.com/training/articles/keystore.html -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/webpayments/issues/225#issuecomment-290317586
Received on Thursday, 30 March 2017 06:45:27 UTC