Fabian Hauck
Hey, sorry for the late reply. There are already pull requests submitted to [nassl #58](https://github.com/nabla-c0d3/nassl/pull/58) and [SSLyze #410](https://github.com/nabla-c0d3/sslyze/pull/410), but the maintainer of these packages has not yet reviewed them.
I think the nassl branch should be easy to fix, but the SSLyze part is probably a little bit more complicated. I will look into it.
@veehaitch @unl1k3ly I just wanted you to know that I have updated the TLSProfiler to support sslyze 3.1.0: PR [#8](https://github.com/danielfett/tlsprofiler/pull/8). Sslyze 3.1.0 has the problem that it does not output...
@paulbastian I would like to point out that wallet attestation does not prevent the attack on the pre-authorized code flow, because the attacker can use an unmodified wallet on a...
Let us clarify what exactly we are talking about here. The attack I discovered during my formal security analysis assumes the following things: 1. A malicious application is installed on...
We believe returning the `iss` parameter with every response from the IAE will mitigate this particular attack, but without a thorough formal security analysis, we cannot say whether this prevents...