On topic though, Stripe is trying to make themselves the Visa/Mastercard of crypto. They're in position to do so and it seems like Coinbase is their other half. I don't trust or like it though.
Am the primary author of the core spec, alongside many others at Tempo and Stripe [0].
As is customary with the IETF draft process, this is our first submission and we expect that we will continue to iterate with the broader community -- including yourself if you are interested in contributing [1].
Thanks for feedback on those two points.
Re: Refunds: This is a payment-method-specific implementation detail, e.g. this looks very different on cards vs. bank accounts vs. stablecoins. We will provide stronger guidance here to remove ambiguity in the spec.
Re: 403: This provision comes from the ability to have _multiple_ Authentication headers, which we view as a necessity for real-world utilization and also compatibility with the Authentication scheme. Similar to the above, we will provide stronger guidance for servers which may support a plurality of authentication schemes and need to handle this edge case.
[0] Had to create a new account since it turns out many years ago I never set an email on my HN profile...
> Servers MAY return 402 when:
> * Offering optional paid features or premium content
This implies that a successful GET request to a resource that the user already has access to might still return 402 instead of 200. This makes 402 basically unworkable.
Are you open to contributing to this RFC?