JWT used to be bad due to libraries with poor defaults. Downgrade attacks were fairly common a number of years ago.
Since most of the common libraries across all languages have gotten more sane defaults, it actually is pretty secure nowadays.
If we stipulate that, we're still left wondering what the utility is of a standard that creates affordances for the insecure defaults, as opposed to just designing it right from the beginning.
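To make the "poor defaults" and "affordances" points in the comments above concrete, here is an added example (not from either commenter or from any JWT library) that contrasts a verifier that lets the token's header choose the algorithm with one where the caller pins it. It assumes the downgrade in question is the `"alg": "none"` unsecured-JWT case that the standard defines; the function names, key and tokens are constructed for illustration.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"  # constructed sample key, not a real secret

def b64u(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def unb64u(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def encode(header: dict, claims: dict, key: bytes = b"") -> str:
    """Build a token; an HS256 MAC is appended only when a key is given."""
    signing_input = b64u(json.dumps(header).encode()) + "." + b64u(json.dumps(claims).encode())
    mac = hmac.new(key, signing_input.encode(), hashlib.sha256).digest() if key else b""
    return signing_input + "." + b64u(mac)

def _hs256_ok(signing_input: str, sig_b64: str, key: bytes) -> bool:
    expected = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return hmac.compare_digest(expected, unb64u(sig_b64))

def verify_header_driven(token: str, key: bytes) -> dict:
    """Old-default behaviour (hypothetical): the token's header picks the check."""
    head, body, sig = token.split(".")
    alg = json.loads(unb64u(head)).get("alg")
    if alg == "none" or (alg == "HS256" and _hs256_ok(f"{head}.{body}", sig, key)):
        return json.loads(unb64u(body))  # "none" means no signature is checked
    raise ValueError("invalid token")

def verify_pinned(token: str, key: bytes, allowed=("HS256",)) -> dict:
    """Pinned behaviour: the caller fixes the algorithm; the header is only compared."""
    head, body, sig = token.split(".")
    if json.loads(unb64u(head)).get("alg") not in allowed:
        raise ValueError("algorithm not allowed")
    if not _hs256_ok(f"{head}.{body}", sig, key):
        raise ValueError("bad signature")
    return json.loads(unb64u(body))

# Constructed sample tokens: one issued by the server, one unsigned with altered claims.
SIGNED = encode({"alg": "HS256", "typ": "JWT"}, {"sub": "alice", "admin": False}, KEY)
UNSIGNED = encode({"alg": "none", "typ": "JWT"}, {"sub": "alice", "admin": True})

def accepted(verifier, token: str) -> bool:
    """True if the verifier returns claims, False if it rejects the token."""
    try:
        verifier(token, KEY)
        return True
    except ValueError:
        return False
```

The header-driven verifier accepts `UNSIGNED` and returns its altered claims, while the pinned verifier rejects it before any signature work is done.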