As an SSP or DSP, I would like to cryptographically validate that an impression opportunity eminating from Trusted Server is authentic

[jevansnyc]

High level goals are:

• Verify incoming requests signed by Trusted Server using Ed25519 (EdDSA)
• Use JWKS for key discovery and rotation (no static configs)
• Enforce freshness and prevent replay
• Maintain sub-millisecond verification latency at 10k–50k RPS (we can test this later at scale)
• Produce clear diagnostic responses (401/409) on failures

[therevoltingx]

Keep in mind that even with edwards curve dsps have said that it's "too intensive" to validate all bid requests. we suggested to sample bid requests, but another approach could be to sign beacon signals (e.g. win signal).

Think we should consult with DSPs before we go down the implementation route.