@hrefna Thank you for digging into these issues. I think that we are facing the classic case of a protocol built with an assumption of trust, and then used in a context in which that trust is dubious. The challenge is to retrofit the security controls required when trust is absent, and then do that without breaking the existing community.