This is something I tried to ask in a community meeting when this was presented but maybe could not articulate...
I understand that IPFS is content addressable so the integrity check is builtin. I understand the gateway ends up doing that integrity check just as a side effect of finding the content. But what prevents the gateway from returning something malicious?
I don't see this client verifying the IPFS hash in any way? Am I missing something?
I do see in TAP-19:
the ecosystem is responsible for verifying artifact integrity at the time of use of the artifact
I didn't imagine it would mean trusting a remote server.
This is something I tried to ask in a community meeting when this was presented but maybe could not articulate...
I understand that IPFS is content addressable so the integrity check is builtin. I understand the gateway ends up doing that integrity check just as a side effect of finding the content. But what prevents the gateway from returning something malicious?
I don't see this client verifying the IPFS hash in any way? Am I missing something?
I do see in TAP-19:
I didn't imagine it would mean trusting a remote server.