GDP commands and responses should (potentially) be signed
Currently GDP data is signed, but commands and responses are not.
Commands need to be signed in some (but not all) cases to grant special permissions. For example, the ability to delete a log would require owner permission, the ability to migrate a log might require some administrative permission, and the ability to add records to HONGD will require "creation service" credentials. Some commands do not need this; for example, APPEND can sign the data rather than command itself.
Responses will in some cases need to be signed. For example, errors (NAKs) should be signed to prevent DoS attacks. CONTENT replies do not need to be signed since the data itself is.