by willamhou 67 days ago
Gateways and signatures solve different problems. A gateway controls access; a signature lets the server verify what request was actually sent. That matters for replay, tamper, and forgery cases after the request passes the edge.

We've been using per-tool-call Ed25519 receipts for this in MCP flows. Verification happens directly in the server handler instead of adding another proxy hop. You can also add a server co-signature if you want proof of what the server received and responded.
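A sketch of the in-handler check the comment above describes, as an added example that is not part of the original post or any project's code. The `Receipt` layout, the nonce cache and the one-minute freshness window are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

const maxAge = time.Minute // assumed freshness window

// Receipt is a hypothetical per-tool-call envelope; the field names are assumptions.
type Receipt struct {
	Tool, Args, Nonce string
	Issued            int64
	Sig               []byte `json:"-"` // not part of the signed bytes
}

func (r Receipt) signedBytes() []byte { b, _ := json.Marshal(r); return b }
func Sign(priv ed25519.PrivateKey, r Receipt) Receipt { r.Sig = ed25519.Sign(priv, r.signedBytes()); return r }

// Check runs in the server handler; a real server would expire seen nonces older than maxAge.
func Check(pub ed25519.PublicKey, seen map[string]bool, r Receipt, now time.Time) error {
	if !ed25519.Verify(pub, r.signedBytes(), r.Sig) {
		return errors.New("bad signature") // tampered fields or wrong key
	}
	if age := now.Sub(time.Unix(r.Issued, 0)); age < 0 || age > maxAge {
		return errors.New("outside freshness window")
	}
	if seen[r.Nonce] {
		return errors.New("replayed nonce")
	}
	seen[r.Nonce] = true
	return nil
}

// Demo checks a valid, replayed, tampered and forged receipt (constructed data).
func Demo() (valid, replay, tamper, forged error) {
	pub, priv, _ := ed25519.GenerateKey(nil)
	_, other, _ := ed25519.GenerateKey(nil)
	now, seen := time.Unix(1700000000, 0), map[string]bool{}
	r := Sign(priv, Receipt{Tool: "read_file", Args: `{"path":"a.txt"}`, Nonce: "n-1", Issued: now.Unix()})
	t := r
	t.Args = `{"path":"b.txt"}` // altered after signing
	f := Sign(other, Receipt{Tool: "read_file", Args: "{}", Nonce: "n-2", Issued: now.Unix()})
	return Check(pub, seen, r, now), Check(pub, seen, r, now), Check(pub, seen, t, now), Check(pub, seen, f, now)
}

func main() { fmt.Println(Demo()) }
```

The signature is checked before the nonce is recorded, so an unauthenticated request cannot fill the replay cache.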

1 comments

This happens in the OpenZiti layer for mcp-gateway. The overlay has strong identity and end-to-end encryption. So by simply wrapping any standard MCP server with mcp-gateway, you've got all of that and more, without having to change your implementation.