search

frasertweedale / hs-jose

Haskell JOSE and JWT library
http://hackage.haskell.org/package/jose
Apache License 2.0
122 stars 46 forks source link

Document that the library is vulnerable to the invalid curve attack. #55

Closed alexanderkjeldaas closed 7 years ago

alexanderkjeldaas commented 7 years ago

I don't know if the library is vulnerable, but either it should be marked as vulnerable, or marked as not vulnerable in the README.

frasertweedale commented 7 years ago

@alexanderkjeldaas JWE is not even implemented in this library yet (as mentioned in the README).