by mmalone 2006 days ago
Sure the CA is a new attack vector. That doesn't make it inherently insecure or the same as cleartext transmission.

Is running an internal OAuth OIDC identity provider to issue signed identity tokens the same as using cleartext passwords?