Re: [w3c/webpayments-method-identifiers] feat: rewrite all the things (#35) from Marcos Cáceres on 2017-04-28 (public-webpayments-specs@w3.org from April 2017)

From: Marcos Cáceres <notifications@github.com>
Date: Thu, 27 Apr 2017 20:15:45 -0700
To: w3c/webpayments-method-identifiers <webpayments-method-identifiers@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/webpayments-method-identifiers/pull/35/review/35267983@github.com>

marcoscaceres commented on this pull request.



>          </p>
       </section>
     </section>
     <section>
       <h2>
+        Security consideration
+      </h2>
+      <p>
+        The URLs relied upon by this specification are only expected to be used
+        by APIs, or internally by the user agent. As such, there is no
+        expectation that URLs defined in this specification would ever be
+        rendered or passed around by end-users.

Does payment manifest somehow expose these URLs to end users? 

FWIW, I don't mind removing this section in its entirety, or just stating: "There are no known privacy or security issues to be considered at this time. This is subject to change as this specification evolves." or something like that. 

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/webpayments-method-identifiers/pull/35#discussion_r113844797

Received on Friday, 28 April 2017 03:16:20 UTC