Hacker News
by jstanley 3309 days ago
> First, [completely change your application and its core security assumptions]. Is your application-layer cryptography protocol still secure?

No.

If your application-layer cryptography protocol is not secure in isolation, what argument do you have against making it secure in isolation?
I have none. I'd merge a sensible pull request.

But characterising it as a huge security flaw is disingenuous. It's neither here nor there.

I'm characterizing it as a protocol/design flaw in something that bills itself as the most secure X, sure, but I haven't done anything to describe it as "huge".

Are you being needlessly defensive?