- From: David I. Lehn <dil@lehn.org>
- Date: Thu, 31 Oct 2013 21:32:34 -0400
- To: Anders Rundgren <anders.rundgren.net@gmail.com>
- Cc: Web Payments CG <public-webpayments@w3.org>
On Tue, Oct 22, 2013 at 8:08 AM, Anders Rundgren <anders.rundgren.net@gmail.com> wrote: > For payment operations you ought to have a trusted GUI. > It would be nice to get a list of possible options for achieving this. > The problem with most GUIs is that an attacker can emulate what the GUI looks like and intercept your secure data. You could show secrets (pictures, etc, etc) that are only accessible via the trusted GUI. But then you have to make sure users understand how and why to set that up properly, and ensure that they are trained to notice if those secrets do not appear. That seems like the hard part. -dave
Received on Friday, 1 November 2013 01:33:01 UTC