Currently, TBDex http-client implementations neither validate JSON schema nor verify signature of TBDex messages/resources received in responses. We should:
Formalize in the spec that http-client implementations MUST validate schema and verify signature.
Add these checks to http-client implementations
Create test vectors for http-client implementations which address these cases. Since the TBDex http api does not yet have test vectors, we may need to break that out into another issue.
Discord Context
Currently, TBDex
http-client
implementations neither validate JSON schema nor verify signature of TBDex messages/resources received in responses. We should:http-client
implementations MUST validate schema and verify signature.http-client
implementationshttp-client
implementations which address these cases. Since the TBDex http api does not yet have test vectors, we may need to break that out into another issue.