ianbjacobs
commented
6 years ago Closing for now since likely to be addressed in the encryption proposal: https://github.com/w3c/webpayments-crypto/wiki/Encryption
Forthcoming review of that proposal by @MasterKeyur and @stpeter may lead to additional issues on that wiki.
Creating an individual issue from the list in #26 in reference to: https://github.com/w3c/webpayments-methods-tokenization/wiki/Tokenized-Card
"With respect to "Tokenized payment credentials MUST be encrypted.: this doesn't tell the reader (and especially the implementer) very much. Encrypted between which parties? Encrypted using what technologies? Is forward secrecy required? Is this transport security only (e.g., TLS) or also end-to-end object encryption? Etc."