
Re: [webauthn] FIDO Payment Support (#1570)

From: Anders Rundgren via GitHub <sysbot+gh@w3.org>
Date: Wed, 17 Feb 2021 09:50:51 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-780436965-1613555450-sysbot+gh@w3.org>

Although security for the "backend" is not covered here, there are a few apparent things worth mentioning.
- The name "Super Shop" could be a lie.  The **Acquirer** should have the information needed to block such a transaction.
- The domain "supershop.com" can be provided by the **Acquirer** as a part of the augmented AREQ sent to the **Issuer**.  A mismatch should abort the transaction request.
- If the **Merchant** changes anything in its payment claim, it will be revealed by the **Issuer** due to the hashing arrangement. 

-- 
GitHub Notification of comment by cyberphone
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1570#issuecomment-780436965 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 17 February 2021 09:50:59 UTC
