2019-02-28 UTC
# 
fr33domlover One way, it will notice my signature is invalid. This works but it relies on me keeping the same public key, unable to rotate it. And if I do rotate it, using blind key rotation, your server will see a new key, accept it, and voila I can edit your file. When using a secret access token that joe must possess, this prevents my attack, because I don't have the token joe had, and I can't make malicious edits