Open mepeltier opened 1 year ago
Yes, I agree that the Problem Report does not cover that cases.
But if you are not able to unpark messages or verify signatures, you also don't what to reply to anyone in specific.
Maybe the best would be to reply synchronously (if possible), with the problem report that is only signed, without any DID on the to
field. But then you are exposing yourself to denial service attacks.
But that is a good question and we should have a guideline this what to do. ATM I'm replying to HTTPS/Post with the code 400.
The Problem: DIDComm V2
problem-reports
REQUIRE apthid
value, even though that may not always be possible to include.problem-report
spec for referenceSection of note:
Consider the following scenario:
In this scenario, since Bob cannot unpack Alice's message, he has no idea what that message's
thid
is. Therefore, anyproblem-report
he constructs is out of spec.This is just one scenario in which this issue occurs. The spec itself identifies the possibility of
problem-report
s being triggered by events other than receipt of problematic messages:In this case, it's not that the appropriate
thid
is inaccessible to Bob; it simply does not exist. As such, any problem report generated in this manner is automatically out of spec.