Skip to content

protection from malicious gateway? #2

Description

@jku

This is something I tried to ask in a community meeting when this was presented but maybe could not articulate...

I understand that IPFS is content addressable so the integrity check is builtin. I understand the gateway ends up doing that integrity check just as a side effect of finding the content. But what prevents the gateway from returning something malicious?

I don't see this client verifying the IPFS hash in any way? Am I missing something?

I do see in TAP-19:

the ecosystem is responsible for verifying artifact integrity at the time of use of the artifact

I didn't imagine it would mean trusting a remote server.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions