|
|
|
|
|
|
by erikerikson
391 days ago
|
|
|
Nothing to apologize for, thanks again. When using symmetric signing, the threat model advantage I was advocating for disappears. Finding examples like Stripe and GitHub using symmetric signing was easy. Given this it seems far more likely this is an artifact of a time that you couldn't expect customers to host using HTTPS. I'll chalk this up as another one of those "oh god, really?" moments with this industry. |
|
|