by koolba 2014 days ago
Yep and it’s even worse because the signing and encryption involve XML transforms to canonicalize the source prior to verifying them. So you force the recipient to not only validate a potentially transformed message, but they have to transform it again too!

It’s the perfect intersection of precarious and deranged.
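
An added illustration, not part of the comment above, of the canonicalize-before-verify step it describes: the recipient has to re-run the canonicalization transform before the reference digest can be compared, because the bytes on the wire may legitimately differ from the bytes the signer hashed. It assumes Python's ElementTree C14N 2.0 as a stand-in for whichever canonicalization algorithm a real signature names, covers only the digest check (not the signature over it), and uses constructed sample documents.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed samples: one logical element, serialized two different ways.
SENT = ('<Assertion ID="a1" Version="2.0">'
        '<Subject>alice</Subject><Conditions/></Assertion>')
RECEIVED = ("<Assertion  Version='2.0'\n   ID=\"a1\">"
            "<Subject>alice</Subject><Conditions></Conditions></Assertion>")
# Constructed sample: same serialization as RECEIVED, different content.
TAMPERED = RECEIVED.replace("alice", "admin")


def raw_digest(xml_text: str) -> str:
    """Digest of the bytes exactly as received (what a naive check would hash)."""
    return hashlib.sha256(xml_text.encode("utf-8")).hexdigest()


def canonical_digest(xml_text: str) -> str:
    """Digest of the canonical form: attribute order, quoting, whitespace
    inside tags and empty-element syntax are normalized before hashing."""
    canonical = ET.canonicalize(xml_text)
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def verify_reference(xml_text: str, expected_digest: str) -> bool:
    """Recipient side: transform again, then compare in constant time."""
    return hmac.compare_digest(canonical_digest(xml_text), expected_digest)


# Signer side: the digest that would be placed in the signed reference.
SIGNED_DIGEST = canonical_digest(SENT)

if __name__ == "__main__":
    print("raw bytes match:      ", raw_digest(SENT) == raw_digest(RECEIVED))
    print("canonical form:       ", ET.canonicalize(RECEIVED))
    print("re-serialized copy ok:", verify_reference(RECEIVED, SIGNED_DIGEST))
    print("tampered copy ok:     ", verify_reference(TAMPERED, SIGNED_DIGEST))
```

The verifier's parser and canonicalizer sit directly in the trust path here: the digest is only meaningful if the recipient's transform produces exactly what the signer's did.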