FYI: Security Analysis of Web Payments (Master's thesis) from Ian Jacobs on 2020-04-01 (public-payments-wg@w3.org from April 2020)

From: Ian Jacobs <ij@w3.org>
Date: Wed, 1 Apr 2020 09:16:40 -0500
To: Web Payments Working Group <public-payments-wg@w3.org>
Message-Id: <A3D3AA10-B4C5-4B84-9DB1-E5D21F43E6A8@w3.org>

Dear Web Payments Working Group,

I’d like to draw your attention to a note we received today on GitHub from @crowgames:

   "I spent the last 6 months performing a formal security analysis of the current state of the Web Payment APIs as my Master's Thesis. You can find the report of the analysis attached to the issue.”

Here’s the issue (which summarizes three main topics):
  https://github.com/w3c/payment-request/issues/903

Here’s the thesis:
 https://github.com/w3c/payment-request/files/4414703/a_formal_security_analysis_of_the_web_payment_apis.pdf

Many thanks to @crowgames for doing this work and sharing it with the Web Payments Working Group!

Ian

--
Ian Jacobs <ij@w3.org>
https://www.w3.org/People/Jacobs/
Tel: +1 718 260 9447

Received on Wednesday, 1 April 2020 14:16:45 UTC