- From: Rouslan Solomakhin <notifications@github.com>
- Date: Tue, 04 Apr 2017 06:38:40 -0700
- To: w3c/webpayments <webpayments@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Tuesday, 4 April 2017 13:39:12 UTC
I'm OK using SRI:
```json
"integrity": "sha256-QTY6N0I6MjA6MDQ6RDE6MDM6MDc6OTI6RTI6QTU6MzE6Njc6NjYK
sha256-RTk6RTM6ODc6MTQ6RUM6NkQ6QTI6MDQ6MjE6RTA6RkQ6M0I6RDEK"
```
However, we cannot use the SRI algorithm as-is. A list of hashes in SRI means "verify the strongest fingerprint," whereas a list of fingerprints on Android means "verify each fingerprint." If that's OK with @mgiuca, then let's roll with it.
FYI, the original proposal was loosely based on [Digital Asset Links](https://developers.google.com/digital-asset-links/v1/getting-started).
I think this bikeshed is complete. Let's not repaint it again, if we can help it ;-)
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/webpayments/issues/225#issuecomment-291502267
Received on Tuesday, 4 April 2017 13:39:12 UTC