marketing

Marketing materials (presentations, posters, flyers)

commit f387f339a043f653a5ff12717240a6c22a6e2a88
parent 85d303ea3bf753f9eeaa5a11cfa3c22bcd6326c6
Author: Florian Dold <florian.dold@gmail.com>
Date:   Mon, 28 Jan 2019 01:45:58 +0530

payto: security and encoding

Diffstat:
M standards/draft-dold-payto.xml | 22 ++++++++++++++++++++--
1 file changed, 20 insertions(+), 2 deletions(-)

diff --git a/standards/draft-dold-payto.xml b/standards/draft-dold-payto.xml @@ -197,14 +197,32 @@ The use of commas is optional for readability and they MUST be ignored. into allowable character using either an encoding or a replacement table. This conversion process MAY be lossy, except for the instruction field. </t> +<t> + To avoid special encoding rules for the payment target identifier, the userinfo component + <xref target="RFC3986" /> is disallowed in payto URIs. Instead, the payment target identifier is + given as an option, where encoding rules are uniform for all options. +</t> </section> <section anchor="security" title="Security Considerations"> -<t>All 'payto' URIs SHOULD be treated as coming from an untrusted source. -In particular, interactive applications handling the payto URI scheme MUST NOT initiate any +<t> +Interactive applications handling the payto URI scheme MUST NOT initiate any financial transactions without prior review and confirmation from the user, and MUST take measures to prevent clickjacking <xref target="HMW12"/>. </t> +<t> +Unless a payto URI is received over a trusted, authenticated channel, +a user might not be able to identify the target of a payment. In particular +due to homographs <xref target="unicode-tr36" />, a payment target type SHOULD NOT +use human-readable names in combination with unicode in the target +account specification, as it could give the user the illusion of being able +to identify the target account from the URL. +</t> +<t> +To avoid unnecessary data collection, payment target types SHOULD NOT +include personally identifying information about the sender of a payment that is not +essential for an application to conduct a payment. +</t> </section> <section anchor="iana" title="IANA Considerations">
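Review bot: In the Security Considerations section, the removed sentence "All 'payto' URIs SHOULD be treated as coming from an untrusted source" has no normative replacement. The new homograph paragraph only describes the risk ("a user might not be able to identify the target of a payment") and places its SHOULD NOT on payment target type definitions, not on applications that handle the URIs. Suggest keeping the original SHOULD next to the new text. In the encoding paragraph, "is disallowed in payto URIs" would be clearer as an RFC 2119 requirement (for example "payto URIs MUST NOT contain a userinfo component"), with a statement of what a parser does when it meets one. Minor points: the homograph paragraph ends with "from the URL" where the rest of the text says URI, and "unicode" should be capitalised. The diffstat's 20 insertions and 2 deletions are all accounted for by this hunk, so no reference entry for the new xref target "unicode-tr36" is added here; please confirm one already exists in the draft.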