ZegnatSurely the private signing key has a higher risk level? It would allow any endpoint to create keys that my endpoint accepts. The other two only have value together, and only to login through my actual endpoint (which could theoretically also be IP whitelisted etc.etc.)
