Ryan

Personally I think this is fine, but there should also be a link leading to the slides, etc. for the previous workshops.

Please fix the whitespace on the blank line (line 96) so the tests can run.

Vim 8.2 has some significant features over Vim 8.0, and is the version that I'm personally using. Is there any reason to not be testing against vim 8.2 and instead...

> Making it cope with syntax errors though might well prove impossible. True that. It honestly might've been easier to just use the parser internally as a Vim plugin, but...

What happens if a user forges a JWT and sets the "vfy" URL to something like, for example, `"https://gib_200_always.fusionscript.info/%s"`? ~~I'd suggest instead changing the "vfy" format to instead be the...

``` 02:19 a user-supplied path is bound to have issues. 02:20 i'd suggest a verify subdomain and a verify path, if you want to go that route. 02:20 that way...

I would be fine with that. That means you only need to specify an optional "issuer subdomain" and an optional "issuer verification path" which can both be static strings.

I see some continued comments on IRC (both within IRCv3 and when discussing with some infosec friends) where the reason for this validation URL is misunderstood. I think it would...

Additionally, some conversations that prawnsalad and I had about this: ``` 02:00 LordRyan: if a user tampers with the token then it won’t match the hash any more 02:01 and...

Discussion on IRC brought up usage of an asymmetric key, with the public version stored in a standardized location in the issuer. This resolves both the issue of the external...