Re: [w3c/browser-payment-api] Propose a payment method specification that includes an example of field level security (#141) from Shane McCarron on 2016-04-19 (public-webpayments-specs@w3.org from April 2016)

From: Shane McCarron <notifications@github.com>
Date: Tue, 19 Apr 2016 10:39:45 -0700
To: w3c/browser-payment-api <browser-payment-api@noreply.github.com>
Message-ID: <w3c/browser-payment-api/issues/141/212035508@github.com>

I think actually if there is any encryption beyond TLS, it would necessarily be on the merchant side when initiating the request.  If I care about encrypting my content, I surely do not want to expose it to the user agent.  I want to pass the encrypted blob to the payment app along with some sort of an indication of how to decrypt it.

I also think this is out of scope for what we are designing right now, but I could be wrong.

---
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/browser-payment-api/issues/141#issuecomment-212035508

Received on Tuesday, 19 April 2016 17:40:37 UTC