JOSE (Javascript Object Signing and Encryption) is a bad standard that everyone should avoid https://paragonie.com/blog/2017/03/jwt-json-web-tokens-is-bad-standard-that-everyone-should-avoid …
Replying to @gcouprie
Parts are fallacies, like "must process" for alg header. Trivial correct processing is only accepting the value you would set.
2 replies 0 retweets 0 likes
Replying to @RichFelker
how many developers would do it this way? Think of how much work it was to get people to care about TLS ciphers config
1 reply 0 retweets 0 likes
Replying to @gcouprie
Indeed. It should be done right at the library level making it hard/impossible to do wrong without writing your own.
2 replies 0 retweets 0 likes
Replying to @RichFelker @gcouprie
OpenSSL supporting joke ciphers like "none" was purely OpenSSL's fault, not the spec/protocol's (despite it being a mess too).
1:29 PM - 15 Mar 2017
0 replies
0 retweets
0 likes
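Added example, not part of the thread and not code from any JOSE library: a minimal HS256 verifier that follows the rule stated above, accepting only the `alg` value it would itself set and never letting the token header choose the algorithm. The names `EXPECTED_ALG`, `sign`, `verify`, `unsigned_token` and `accepted`, and the sample tokens, are constructed for illustration.

```python
import base64, hashlib, hmac, json

EXPECTED_ALG = "HS256"  # the one algorithm this service issues, so the only one it accepts

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def encode_part(obj: dict) -> str:
    return b64url_encode(json.dumps(obj, separators=(",", ":")).encode())

def sign(claims: dict, key: bytes) -> str:
    signing_input = encode_part({"alg": EXPECTED_ALG, "typ": "JWT"}) + "." + encode_part(claims)
    mac = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(mac)

def verify(token: str, key: bytes) -> dict:
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header = json.loads(b64url_decode(parts[0]))
    # The header is compared against the pinned value; it is never used
    # to look up or select a verification routine.
    if not isinstance(header, dict) or header.get("alg") != EXPECTED_ALG:
        raise ValueError("unexpected alg")
    expected = hmac.new(key, (parts[0] + "." + parts[1]).encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(parts[2])):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(parts[1]))

def unsigned_token(claims: dict) -> str:
    # Constructed sample: a token declaring alg "none" with an empty signature.
    return encode_part({"alg": "none", "typ": "JWT"}) + "." + encode_part(claims) + "."

def accepted(token: str, key: bytes) -> bool:
    try:
        verify(token, key)
        return True
    except ValueError:  # also covers bad base64, bad UTF-8 and bad JSON
        return False

if __name__ == "__main__":
    key = b"constructed-demo-key"
    print(accepted(sign({"sub": "alice"}, key), key))        # pinned alg, valid MAC
    print(accepted(unsigned_token({"sub": "admin"}), key))   # rejected on alg
```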