- From: Ian Jacobs <ij@w3.org>
- Date: Wed, 28 Feb 2018 14:23:31 -0600
- To: public-web-security@w3.org
- Cc: Wendy Seltzer <wseltzer@w3.org>, Peter Saint-Andre <stpeter@mozilla.com>
Dear Web Security IG, Over in the Web Payments Working Group we are developing a proposal [1] to improve the security of payments on the Web by facilitating the encryption of sensitive data the flows through the Payment Request API. To summarize the proposal: * The merchant invokes Payment Request API and passes a reference to a key provider. * When the user selects a payment method, the application used to make the payment encrypts the response data using this key. The proposal [1] calls out some of the use cases for this general approach to encryption of response data. While the proposal has received cursory review (which has been helpful), we have not had deeper review by crypto experts / implementers. For that reason, I am writing to the IG to see if there is anyone interested in working with us to figure out how to bring encryption to the Payment Request ecosystem. Thank you, Ian [1] https://github.com/w3c/webpayments-crypto/wiki/Encryption -- Ian Jacobs <ij@w3.org> https://www.w3.org/People/Jacobs/ Tel: +1 718 260 9447
Received on Wednesday, 28 February 2018 20:23:34 UTC