I’d like to second this. The “workaround” detailed here requires the implementing client to be concerned with the validity or invalidity of the key, which is something that I never want to have to think about in application code. It seems to imply application-level dynamic key management, which not every company will have implemented, nor will have engineering time to implement.
2 Likes