It feels like malpractice to use json in encryption | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		TZubiri 8 months ago \| parent \| context \| favorite \| on: Why I no longer have an old-school cert on my HTTP... It feels like malpractice to use json in encryption

red_admiral 8 months ago [–]

Sadly JWT and friends are "standard". In theory the representation and the data are independent and you can marshal and unmarshal correctly.

In practice, "alg:none" is a headache and everyone involved should be ashamed.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact