Gateway response is unverifialbe by clients #1594
Labels
Comments
|
i think just providing the hash root, the plugins could use |
|
that would make it a roundtrip hell though, probably not a good thing something we'd want widely installed constantly hammering requests. |
6 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In some discussions i realized that the response we get from the gateways are not verifiable to the hash requested. This is because gateways only transmit the concatenated data portions of the tree.
A solution to this could be having an extra header in the response, that is a description of the tree-structure of the file, including all the bytes that did not make it into the response body, and the offsets into the body. When these are concatenated, we could hash it client side, and be sure we got the right thing.
This is mostly of interest for browser plugins. Thoughts on this?
The text was updated successfully, but these errors were encountered: