- From: Ian Jacobs <ij@w3.org>
- Date: Tue, 29 Sep 2020 14:26:12 -0500
- To: public-webauthn-pay@w3.org
- Cc: Benjamin Tidor <btidor@stripe.com>

Hi all,

Minutes from today’s discussion (on Client-initiated back-channel auth, and cryptograms in Secure Payment Confirmation):

https://www.w3.org/2020/09/29-webauthn-pay-minutes

Next call of this task force: 13 October

I expect we will continue our discussion of SPC cryptograms at that call.

Some properties I have already taken away from today’s call:

* Some randomness needs to be injected into the challenge.
* Randomness does not need to be created by the verifier. (Verifiers must trust the randomness of the generator in this case.)
* Randomness does not have to be kept secret.
* Party that generates randomness needs to communicate it securely to the verifier.

Benjamin, it would be useful to start to create a list of design considerations in the SPC doc, or an issue.

Thank you,

Ian

--
Ian Jacobs <ij@w3.org>
https://www.w3.org/People/Jacobs/
Tel: +1 718 260 9447

Received on Tuesday, 29 September 2020 19:26:17 UTC