Summary

The AAD v0x03 spec pseudocode hardcodes `create_aad(tenant, key, "msgpack", true)` and defines `compressed` as the string `"True"`/`"False"`. Two gaps:

- No provision for non-msgpack formats (Arrow) or for `compressed=false` — the spec cannot describe an encrypted uncompressed or non-msgpack entry.
- `str(bool)` is a Python-ism baked into the authenticated data: a Rust/TS/Go SDK MUST emit Python's exact capitalization (`"True"`, not `"true"`) or AES-GCM auth fails.

Evidence

- `protocol/spec/encryption.md:216,229` (`compressed: String "True"/"False"`), `:285,303` (`create_aad(..., "msgpack", true)`)
- `compressed=False` for compressed data (see AutoSerializer bakes a false `compressed` flag into the AES-GCM AAD cachekit-py#166)

Impact

The canonical contract is under-specified for the formats the SDKs actually produce, and encodes a language-specific boolean representation into a cross-language authenticated field.

Fix

Generalize the AAD `format` and `compressed` fields (define the full value set incl. `arrow`), and specify a language-neutral boolean encoding (e.g. `1`/`0` or a single byte) — coordinated as a protocol version bump across SDKs.
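
The mismatch described above, as an added example that is not part of the original issue or the project's code. The length-prefixed AAD layout, the helper names and the sample tenant/key values are assumptions, and HMAC-SHA256 from the standard library stands in for the AES-GCM tag so the block runs without third-party packages.

```python
import hashlib
import hmac
import struct

AAD_VERSION = 0x03  # version number from the issue ("AAD v0x03")


def pack_fields(fields):
    """Assumed layout: version byte, then each field with a 4-byte length prefix."""
    out = bytes([AAD_VERSION])
    for f in fields:
        out += struct.pack(">I", len(f)) + f
    return out


def create_aad_spec(tenant, key, fmt, compressed):
    """Boolean as the spec defines it: Python str(bool), i.e. "True"/"False"."""
    return pack_fields([tenant.encode(), key.encode(), fmt.encode(),
                        str(compressed).encode()])


def create_aad_native_port(tenant, key, fmt, compressed):
    """A port using its language's default bool formatting, which is lowercase."""
    return pack_fields([tenant.encode(), key.encode(), fmt.encode(),
                        ("true" if compressed else "false").encode()])


def create_aad_neutral(tenant, key, fmt, compressed):
    """Language-neutral variant suggested under Fix: one byte, 0x01 or 0x00."""
    return pack_fields([tenant.encode(), key.encode(), fmt.encode(),
                        b"\x01" if compressed else b"\x00"])


def tag(secret, aad, ciphertext):
    """Stand-in for the GCM tag: a MAC that covers both AAD and ciphertext."""
    return hmac.new(secret, pack_fields([aad, ciphertext]), hashlib.sha256).digest()


def verify(secret, aad, ciphertext, expected):
    """Reader side: recompute the tag over its own AAD and compare."""
    return hmac.compare_digest(tag(secret, aad, ciphertext), expected)


if __name__ == "__main__":
    secret, ct = b"k" * 32, b"constructed-ciphertext"  # constructed sample values
    written = tag(secret, create_aad_spec("tenant-a", "user:42", "msgpack", True), ct)
    for build in (create_aad_spec, create_aad_native_port):
        aad = build("tenant-a", "user:42", "msgpack", True)
        print(build.__name__, verify(secret, aad, ct, written))
```
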