jmcardon
commented
6 years ago While true, the BBS message stuff was mostly to talk about hashing as a chain and to construct the basic Merkle trees.
In that sense, it was a relatively harmless thing, but if you recall the BBSMessage it was presented before JWT thus HMAC hadn't been introduced yet.
and
have the same hash. You can use an HMAC construction to avoid this possibility.