- From: Anders Rundgren <notifications@github.com>
- Date: Sun, 20 May 2018 21:53:53 -0700
- To: w3c/payment-request <payment-request@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Monday, 21 May 2018 04:54:16 UTC
@marcoscaceres I think you were a bit hot on the trigger here 😂. The _Creator_ of the signature would not be a browser and is thus affected by JSON property (un)order. Imagine a **PaymentHandle**r scenario. The browser can't do much with the signature since the key used to sign with, hardly is known by the browser. I.e. the bank/PSP (which also isn't a browser), would be the most likely _Verifier_. By relying on _platform independent_ canonincalization you are free defining where a signature is created and verifed. For **PaymentRequest** there may be quite a bunch of different scenarios. Anyway, where is the pointer to "the better" solution? -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/payment-request/issues/714#issuecomment-390552775
Received on Monday, 21 May 2018 04:54:16 UTC