Some users tend to rely on security properties that are not provided by
cryptographic signatures. This has lead to serious problems int the
past, such as BitCoin transaction malleability (a replay attack where
the recipient could repeat a previously existing transaction).
Mitigations for signature malleability are possible, but they're at best
easily misunderstood, and at worst incomplete. Better warn the users in
the manual than encouraging the reliance on non-standard security
properties.
projects / Monocypher.git / commit