The spec does not specify that the client should validate all incoming messages from the key server. This could be viewed as an implementation detail, but it should be at least specified as implementation guidance. (Particularly because there was an attempt to specify the key server validation requirements concretely. On the other hand, this may be a mistake, because the implementor should probably check these carefully for completeness.)
Some specific points:
[ ] In retrieve, the client gets back a secret + associated data and decrypts it. They should check the associated data is correct (e.g. includes the user id and key id they requested)
The spec does not specify that the client should validate all incoming messages from the key server. This could be viewed as an implementation detail, but it should be at least specified as implementation guidance. (Particularly because there was an attempt to specify the key server validation requirements concretely. On the other hand, this may be a mistake, because the implementor should probably check these carefully for completeness.)
Some specific points: