ipfs-companion icon indicating copy to clipboard operation
ipfs-companion copied to clipboard
verified publisher icon ipfs

HTTP Gateway Validator

Open lidel opened this issue 7 years ago • 0 comments

AKA checksuming payload as it arrives from untrusted gateway and checking if it match expected CID

Context

See Verifiable HTTP Gateway Responses at https://github.com/ipfs/in-web-browsers/issues/128

Work

  • [x] research if/how we could calculate checksum as data arrives
  • [ ] research how we resolve CID of resources under a path and get insight into DAG structure
    • A: additional lookup via local js-ipfs used only for that or fallback on http://ipfs.io/api/v0/
    • B: additional HTTP headers with required metadata
  • [ ] research and design UX for indicating the payload is verified
  • [ ] implement streaming validator that drops connection if payload does not match expected digest

Related Resources

  • Prior art from Cloudflare: https://github.com/cloudflare/ipfs-ext/
    • it also has DNSSEC validator, but that should be a separate topic
    • limitation: only SHA-256 is supported in CIDs
  • If browser is able to verify CID digest, it will be possible to define public, untrusted gateway as the backend without need for trusting it returns valid data
  • Reproducible File Imports | https://github.com/ipfs/unixfs-v2/issues/15

lidel avatar Sep 21 '18 10:09 lidel