> Why is it different if we do exactly that in libcrypto? Because *we* are not guessing. We are telling the application "we think it's a FOO" and then letting the application decide what to do. Security libraries *should not guess.*