Thank you, that’s good to hear.
But (sorry, I’m bothersome):
As described in “Account Key Roll-over” in the spec, the key can be changed. What if the attacker does so before the owner can react? Maybe it would help to accept the old key (too) for deletes (only), for eg. 30 days after the change, …
1 Like