It seems that we're envisioning partial encryption of response data: "Each payment method defines which response fields are not sensitive. Those fields are returned in the response along with the encryption of the full response." Is there a good reason to include both encryptedData and plainData? Why not encrypt the entire response? What are the use cases behind this suggestion? Do entities in the middle (say, the merchant or a PSP if the response is going to an issuer or other entity) need access to some of the response fields? -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/webpayments-crypto/issues/7
Received on Thursday, 8 March 2018 01:46:08 UTC