From the perspective of a crypto library maintainer: JOSE (JWT et al.) and Web Crypto API both force adding footguns we'd otherwise not add.
-
-
Replying to @BRIAN_____
Just curious, what are the major footguns in Web Crypto API?
1 reply 0 retweets 0 likes
Replying to @zooko
Examples: The only authenticated encryption is AES-GCM; there are many unauthenticated options. AES KeyWrap mode.
9:03 AM - 7 Feb 2017
0 replies
0 retweets
1 like
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.