W3C home > Mailing lists > Public > public-webpayments@w3.org > October 2013

Re: Credit-card payments on the Web - Stuck in its 1998 form

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Mon, 07 Oct 2013 19:43:38 +0200
Message-ID: <5252F2CA.1080107@gmail.com>
To: Web Payments CG <public-webpayments@w3.org>, Kingsley Idehen <kidehen@openlinksw.com>
Kingsley Idehen <kidehen@openlinksw.com>  wrote:
> On 10/6/13 4:02 PM, Anders Rundgren wrote:
> > Exactly.
> >
> > And browser's were not designed for performing secure transactions either.
> >
> > That is, there is no foundation for payment standards in this space
> > unless you have some 10 years or so to spend.
>
> Browsers are poor tools for any kind of secure interaction with
> protected data. Even when they implement PKI, they ultimately get the
> UX/UI wrong. That said, and this is really important to understand, they
> are but one type of HTTP user agent. As the mobile space demonstrates, a
> Web Browser doesn't have totally own how end-users interact with HTTP
> accessible resources.
>
> Thus, we don't need to wait 10 years to fix this problem. The standards
> being discussed and shaped on this list will go a long way towards
> fixing this problem i.e., decoupling the solution from a specific type
> of HTTP user agent :-)

Apparently yes because the banks in Sweden are now rewriting their
PKI-client for n:th time, this time ignoring the browser altogether.
Since Mozilla's <keygen> was created 1995/6, improvements in
this space takes even more than 10 years to accomplish :-(

Anders
Received on Monday, 7 October 2013 17:44:11 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:07:24 UTC