Auth should definitely be taken care of in a way that is out of scope here. (i.e., you should not rely on Android package signing for payment auth). However, I still think there is merit to being able to verify that the Android app you are talking to is the one that was signed by the right person. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/webpayments/issues/225#issuecomment-290322554Received on Thursday, 30 March 2017 07:12:35 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 16:43:24 UTC