@sj @dangoodin the signature should be validated with a key that you know belongs to the legitimate sender. If you just use the public key that is contained within the very same message you are trying to validate then what is stopping an attacker from supplying a key of their choice?
=> More information about this toot | View the thread | More toots from robertguetzkow@infosec.exchange
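The point made in the toot above, as an added example that is not part of the original post: a verifier that trusts the key embedded in the message accepts any self-consistent forgery, while one that checks against a key known in advance does not. The message layout, the function names and both Ed25519 key pairs are constructed for illustration.

```javascript
// Added example; message layout, names and keys are assumptions, not from the toot.
const crypto = require('node:crypto');

// Constructed key pairs: the legitimate sender and someone else.
const sender = crypto.generateKeyPairSync('ed25519');
const other = crypto.generateKeyPairSync('ed25519');

// The receiver's trust anchor, assumed to have been obtained out of band.
const PINNED_SENDER_KEY = sender.publicKey;

// Build a message that carries its own public key next to the signature.
function signMessage(body, keyPair) {
  return {
    body,
    embeddedKey: keyPair.publicKey.export({ type: 'spki', format: 'pem' }),
    signature: crypto.sign(null, Buffer.from(body), keyPair.privateKey).toString('base64'),
  };
}

// Flawed: validates with whatever key arrives inside the message itself.
// This only proves the message is self-consistent, not who produced it.
function verifyWithEmbeddedKey(msg) {
  const key = crypto.createPublicKey(msg.embeddedKey);
  return crypto.verify(null, Buffer.from(msg.body), key, Buffer.from(msg.signature, 'base64'));
}

// Correct: ignores the embedded key and validates against the known sender key.
function verifyWithPinnedKey(msg, pinnedKey) {
  return crypto.verify(null, Buffer.from(msg.body), pinnedKey, Buffer.from(msg.signature, 'base64'));
}

// Run both verifiers over a genuine message and one signed by a different key.
function demo() {
  const genuine = signMessage('release 1.2.3 is published', sender);
  const forged = signMessage('release 1.2.3 is published', other);
  return {
    genuineEmbedded: verifyWithEmbeddedKey(genuine),
    forgedEmbedded: verifyWithEmbeddedKey(forged),
    genuinePinned: verifyWithPinnedKey(genuine, PINNED_SENDER_KEY),
    forgedPinned: verifyWithPinnedKey(forged, PINNED_SENDER_KEY),
  };
}

console.log(demo());
```
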