- From: Anders Rundgren via GitHub <sysbot+gh@w3.org>
- Date: Wed, 17 Feb 2021 09:50:51 +0000
- To: public-webauthn@w3.org
Although security for the "backend" is not covered here, there are a few apparent things worth mentioning. - The name "Super Shop" could be a lie. The **Acquirer** should have the information needed to block such a transaction. - The domain "supershop.com" can be provided by the **Acquirer** as a part of the augmented AREQ sent to the **Issuer**. A mismatch should abort the transaction request. - If the **Merchant** changes anything in its payment claim, it will be revealed by the **Issuer** due to the hashing arrangement. -- GitHub Notification of comment by cyberphone Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1570#issuecomment-780436965 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 17 February 2021 09:50:59 UTC