Re: [w3c/webpayments-payment-apps-api] Revisiting payment app filtering (#96)

@jakearchibald -- agree with the approach. One comment:
>If fixing the security issues of "execution" also prevent use-cases. As in, if some use-cases need network access, then that requirement clashes with the security requirements.

If it is, from an information theory standpoint, even possible to craft a "config" option (which by definition cannot access the network at evaluation time) to satisfy a use case, then it ___must___ be possible to craft an "execution" option that does not need to access the network for that same use case. This third bullet is a red herring.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/webpayments-payment-apps-api/issues/96#issuecomment-275458532

Received on Thursday, 26 January 2017 17:48:53 UTC