Closed stpeter closed 6 years ago
Please can you provide a use-case in payment request world. I think when it comes to sending sensitive data like card it should be intended to be received and used by one party.
@MasterKeyur I completely agree. So let's scrub this from the spec (or explicitly note that encrypting to multiple parties is out of scope).
The spec raises the question of whether we might need to encrypt the same response data to multiple parties. I'm adding this as a GitHub issue to track it.
And by the way, this is handled by JWE. See Section 5.13 of RFC 7520 for examples: https://tools.ietf.org/html/rfc7520#section-5.13