Re: [webauthn] WebAuthn and Web Payments -- Transaction Confirmation, 3DS2, SRC, etc. (#1396)

@mattimac If the OS or Browser is corrupted all bets are off.  This however, is a generic computing issue.

A bigger problem is that there is no such thing as "trusted Web code" which makes WebAuthn less useful for payments than native apps.  A payment request would preferably be a strictly formatted JSON message like
    "payee": "Acme Shop",
    "amount": "145.00",
    "currency": "USD"
which is the thing you sign ("authorize"), but the message be would rendered in a user-oriented way.  This requires some kind of trusted UI.  That payment handlers can't be shared like cards in Apple Pay is another limitation.

GitHub Notification of comment by cyberphone
Please view or discuss this issue at using your GitHub account

Received on Wednesday, 10 June 2020 16:12:38 UTC