Implement the spec-facing server cleanup from the security review.
Tasks:
- Expose the normative directory API from the IETF draft, including discovery, content lookup/submission, key lookup, endorsements, and reputation endpoints.
- Keep any current
/api/... convenience endpoints only as compatibility wrappers if needed.
- Use canonical unpadded Base64 for hashes and signatures.
- Bind signatures to serialized origins, not bare hostnames.
- Support the finalized claims hash contract for all direct child
meta claims.
- Implement structured endorsement signing and verification per the spec, not the old
{contentHash}:{timestamp} binding.
- Return spec-shaped errors and add conformance fixtures for directory exchanges.
Spec tracking issue: HTMLTrust/htmltrust-spec protocol cleanup after security review.
Implement the spec-facing server cleanup from the security review.
Tasks:
/api/...convenience endpoints only as compatibility wrappers if needed.metaclaims.{contentHash}:{timestamp}binding.Spec tracking issue: HTMLTrust/htmltrust-spec protocol cleanup after security review.