Encrypting to multiple parties

w3c / webpayments-crypto

Crypto discussions of the Web Payments Working Group

https://github.com/w3c/webpayments-crypto/wiki

Other

5 stars 7 forks source link

Encrypting to multiple parties #8

Closed stpeter closed 6 years ago

stpeter commented 6 years ago

The spec raises the question of whether we might need to encrypt the same response data to multiple parties. I'm adding this as a GitHub issue to track it.

And by the way, this is handled by JWE. See Section 5.13 of RFC 7520 for examples: https://tools.ietf.org/html/rfc7520#section-5.13

MasterKeyur commented 6 years ago

Please can you provide a use-case in payment request world. I think when it comes to sending sensitive data like card it should be intended to be received and used by one party.

stpeter commented 6 years ago

@MasterKeyur I completely agree. So let's scrub this from the spec (or explicitly note that encrypting to multiple parties is out of scope).