Re: [Minutes] 29 September task force of the Web Authentication and Web Payments Working Groups

Thanks! Issue created:

https://github.com/rsolomakhin/secure-payment-confirmation/issues/28

On Tue, Sep 29, 2020 at 12:26 PM Ian Jacobs <ij@w3.org> wrote:

> Hi all,
>
> Minutes from today’s discussion (on Client-initiated back-channel auth,
> and cryptograms in Secure Payment Confirmation):
>   https://www.w3.org/2020/09/29-webauthn-pay-minutes
>
> Next call of this task force: 13 October
>
> I expect we will continue our discussion of SPC cryptograms at that call.
> Some properties I have already taken away from today’s call:
>
>  * Some randomness needs to be injected into the challenge.
>  * Randomness does not need to be created by the verifier. (Verifiers must
> trust the randomness of the generator in this case.)
>  * Randomness does not have to be kept secret.
>  * Party that generates randomness needs to communicate it securely to the
> verifier.
>
> Benjamin, it would be useful to start to create a list of design
> considerations in the SPC doc, or an issue.
>
> Thank you,
>
> Ian
>
> --
> Ian Jacobs <ij@w3.org>
> https://www.w3.org/People/Jacobs/
> Tel: +1 718 260 9447
>

Received on Tuesday, 29 September 2020 19:35:32 UTC