Re: [w3c/payment-request] Applying "Detached" JWS Signatures to PaymentRequest (#714)

@adrianhopebailie wrote:

> It has been the source of major vulnerabilities in JOSE signatures

Citation needed. As I understand it, the major vulnerabilities have been related to key handling.

Some of these matters are more carefully specified in the COSE (not JOSE) standard, so we might want to look at that for tokenization and encryption. See you over there. :-)

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/payment-request/issues/714#issuecomment-391796344

Received on Thursday, 24 May 2018 17:30:29 UTC