During the development of one of the Privacy Infrastructure Provider implementations of DRP 0.7, a poor interaction was revealed between the protocol's request signing specification and Amazon's HTTP API Gateway. In short, the HTTP API Gateway does not support forwarding application/octet-stream requests without silently corrupting the request body. Further research reveals that while other gateway and request router products could be configured to support this, in the year 2023 binary streams cannot simply be sent over the internet, as we have proposed doing, without care. libsodium's signature validation is such that it is difficult to tell a signature corrupted by middleware apart from a message that was maliciously tampered with, and so we are taking the opportunity early to make the requests more robust.
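The failure mode described above, as an added example (not DRP or libsodium code): a signed binary body that passes through a hop treating it as text fails verification in exactly the same way as a deliberately modified one. Assumptions: Node's built-in Ed25519 stands in for libsodium's signature, the body layout is signature followed by message, and `lossyTextHop` is a hypothetical middleware that re-encodes the body as UTF-8; the page does not say how the gateway corrupts the body.

```javascript
// Added illustration; names and sample data are constructed for this example.
const nodeCrypto = require('node:crypto');

const SIG_LEN = 64; // length of an Ed25519 signature in bytes

// Assumed body layout: 64-byte signature followed by the message.
function signCombined(message, privateKey) {
  return Buffer.concat([nodeCrypto.sign(null, message, privateKey), message]);
}

// Returns the message on success and null on failure. The caller learns
// nothing about *why* verification failed.
function openCombined(signed, publicKey) {
  if (signed.length < SIG_LEN) return null;
  const sig = signed.subarray(0, SIG_LEN);
  const msg = signed.subarray(SIG_LEN);
  return nodeCrypto.verify(null, msg, publicKey, sig) ? msg : null;
}

// Hypothetical middleware: decodes the body as UTF-8 text and re-encodes it.
// Byte sequences that are not valid UTF-8 become U+FFFD (EF BF BD).
function lossyTextHop(body) {
  return Buffer.from(body.toString('utf8'), 'utf8');
}

// Deliberate modification: flip one bit in the last message byte.
function tamper(body) {
  const out = Buffer.from(body);
  out[out.length - 1] ^= 0x01;
  return out;
}

function demo() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
  const message = Buffer.from('{"exercise":"sample"}', 'utf8'); // constructed
  const signed = signCombined(message, privateKey);
  return {
    intact: openCombined(signed, publicKey) !== null,
    afterTextHop: openCombined(lossyTextHop(signed), publicKey) !== null,
    afterTamper: openCombined(tamper(signed), publicKey) !== null,
    bodyChangedByHop: !lossyTextHop(signed).equals(signed),
  };
}

console.log(demo());
```

Both failing cases return the same null result, so a receiver that sees a spike in verification failures cannot tell from the signature check alone whether an intermediary or an attacker changed the bytes.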