Currently, TBDex http-client implementations neither validate JSON schema nor verify signature of TBDex messages/resources received in responses. We should:
Formalize in the spec that http-client implementations MUST validate schema and verify signature.
Add these checks to http-client implementations
Create test vectors for http-client implementations which address these cases. Since the TBDex http api does not yet have test vectors, we may need to break that out into another issue.
Discord Context
Currently, TBDex
http-clientimplementations neither validate JSON schema nor verify signature of TBDex messages/resources received in responses. We should:http-clientimplementations MUST validate schema and verify signature.http-clientimplementationshttp-clientimplementations which address these cases. Since the TBDex http api does not yet have test vectors, we may need to break that out into another issue.