Better docs explaining embedded JWKs

square · Sep 22, 2016 · 299620e · 299620e
1 parent d00415a
commit 299620e
Showing 1 changed file with 7 additions and 2 deletions.
diff --git a/signing.go b/signing.go
@@ -186,13 +186,18 @@ func (ctx *genericSigner) SetNonceSource(source NonceSource) {
 	ctx.nonceSource = source
 }
 
-// SetEmbedJwk specifies if the signing key should be embedded in the protected header,
-// if any. It defaults to 'true'.
+// SetEmbedJwk specifies if the signing key should be embedded in the protected
+// header, if any. It defaults to 'true', though that may change in the future.
+// Note that the use of embedded JWKs in the signature header can be dangerous,
+// as you cannot assume that the key received in a payload is trusted.
 func (ctx *genericSigner) SetEmbedJwk(embed bool) {
 	ctx.embedJwk = embed
 }
 
 // Verify validates the signature on the object and returns the payload.
+// Be careful when verifying signatures based on embedded JWKs inside the
+// payload header! You cannot assume that the key received in a payload is
+// trusted.
 func (obj JsonWebSignature) Verify(verificationKey interface{}) ([]byte, error) {
 	verifier, err := newVerifier(verificationKey)
 	if err != nil {