<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-2022-jp">

</head>

<body>

<div>

<div>

<div>

<div style="direction: ltr;">Thanks Torsten and Daniel, </div>

<div><br>

</div>

<div style="direction: ltr;">This seems to be a very good starting point for a white paper/technical report. Is there any objection to starting a work based on this?

</div>

<div><br>

</div>

<div style="direction: ltr;">If so, please speak up by the end of this week. </div>

<div><br>

</div>

<div style="direction: ltr;">Best, </div>

<div><br>

</div>

<div style="direction: ltr;">Nat Sakimura</div>

<div style="direction: ltr;">Chair, FAPI WG. </div>

</div>

<div><br>

</div>

<div class="ms-outlook-ios-signature"><a href="https://aka.ms/o0ukef">Outlook for iOS</a> $B$rF~<j(B</div>

</div>

<div> </div>

<hr style="display:inline-block;width:98%" tabindex="-1">

<div id="divRplyFwdMsg" dir="dir="ltr""><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>$B:9=P?M(B:</b> Openid-specs-fapi <openid-specs-fapi-bounces@lists.openid.net> (Torsten Lodderstedt via Openid-specs-fapi <openid-specs-fapi@lists.openid.net>

 $B$NBeM}(B)<br>

<b>$BAw?.F|;~(B:</b> $B2PMKF|(B, 1$B7n(B 8, 2019 1:33 $B8aA0(B<br>

<b>$B08@h(B:</b> openid-specs-fapi@lists.openid.net<br>

<b>Cc:</b> Torsten Lodderstedt<br>

<b>$B7oL>(B:</b> [Openid-specs-fapi] Cross-Browser Payment Initiation Attack

<div> </div>

</font></div>

<meta content="text/html; charset=us-ascii">

<div class="BodyFragment"><font size="2"><span style="font-size:11pt">

<div class="PlainText">Hi all,<br>

<br>

Daniel and I wrote a document describing a potential kind of attack on redirect based flows used to authorize and initiate payments.<br>

<br>

We would like to contribute this document to the working group.<br>

<br>

kind regards,<br>

Torsten.<br>

</div>

</span></font></div>

<div class="BodyFragment"><font size="2"><span style="font-size:11pt">

<div class="PlainText"><br>

</div>

</span></font></div>

<div class="BodyFragment"><font size="2"><span style="font-size:11pt">

<div class="PlainText">_______________________________________________<br>

Openid-specs-fapi mailing list<br>

Openid-specs-fapi@lists.openid.net<br>

<a href="http://lists.openid.net/mailman/listinfo/openid-specs-fapi">http://lists.openid.net/mailman/listinfo/openid-specs-fapi</a><br>

</div>

</span></font></div>

</div>

</body>

</html>