Re: [webauthn] FIDO Payment Support (#1570)

Although security for the "backend" is not covered here, there are a few apparent things worth mentioning.
- The name "Super Shop" could be a lie.  The **Acquirer** should have the information needed to block such a transaction.
- The domain "" can be provided by the **Acquirer** as a part of the augmented AREQ sent to the **Issuer**.  A mismatch should abort the transaction request.
- If the **Merchant** changes anything in its payment claim, it will be revealed by the **Issuer** due to the hashing arrangement. 

GitHub Notification of comment by cyberphone
Please view or discuss this issue at using your GitHub account

Sent via github-notify-ml as configured in

Received on Wednesday, 17 February 2021 09:50:59 UTC