attempt to specify http-post-application-octet-stream mechanism

Author: ewdurbin

peps/pep-0694.rst

@@ -444,7 +444,8 @@ The successful response includes the following JSON content:
       "valid-for": 3600,
       "mechanism": {
         "http-post-application-octet-stream": {
-          "url": "..."
+          "file_url": "..."
+          "attestations_url": "..."
         }
       }
     }
@@ -756,6 +757,36 @@ with that implementation's file upload mechanism name.
 All implementations of this PEP **MUST** implement the ``http-post-application-octet-stream`` file
 upload mechanism.
 
+``http-post-application-octet-stream`` Mechanism
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The ``http-post-application-octet-stream`` mechansism **MUST** be supported servers which
+implement this PEP.
+
+A client executes this mechanism by submitting a ``POST`` request to the ``file_url`` returned in the
+``http-post-application-octet-stream`` map of the ``mechanism`` map of the
+:ref:`file upload session creation response body <file-upload-session-response>` like:
+
+.. code-block:: text
+
+    Content-Type: application/octet-stream
+
+    <binary contents of the file to upload>
+
+Servers **MAY** support uploading of digital attestations for files (see :pep:`740`).
+This support will be indicated by inclusion of an ``attestations_url`` key in the
+``http-post-application-octet-stream`` map of the ``mechanism`` map of the
+:ref:`file upload session creation response body <file-upload-session-response>`.
+
+To upload an attestation, a client submits a ``POST`` request to the ``attestations_url``
+containing a JSON array of :pep:`attestation objects <740#attestation-objects>` like:
+
+.. code-block:: text
+
+    Content-Type: application/json
+
+    [{"version": 1, "verification_material": {...}, "envelope": {...}},...]
+
 
 Content Types
 -------------