Re: [webpayments] How are payment messages trusted? (#19)

As long as you imagine the person being payed is a merchant, as opposed to say a friend, then they do not need cryptographic deniability, so signatures work in principle.  I suppose the question can be more clearly phrased as, how does the payment applicaiton get the merchant's key material, no? 

Apologies  if this is dealt with elsewhere, but does the standard address how should one deal with signing JSON data?  It's obviously possible to construct a canonical JSON representation, as a string and sign it, but that proves tricky in practice.  We wound up signing C structs encoded with C code compiled to JavaScript using emscripten, which although hacky at least always works correctly. 

Reply to this email directly or view it on GitHub:

Received on Friday, 11 December 2015 13:09:44 UTC