Gateway response is unverifialbe by clients

Question

Gateway response is unverifialbe by clients

Closed this issue 4 years ago · 2 comments

In some discussions i realized that the response we get from the gateways are not verifiable to the hash requested. This is because gateways only transmit the concatenated data portions of the tree.

A solution to this could be having an extra header in the response, that is a description of the tree-structure of the file, including all the bytes that did not make it into the response body, and the offsets into the body. When these are concatenated, we could hash it client side, and be sure we got the right thing.

This is mostly of interest for browser plugins. Thoughts on this?

Answer 1 · 2015-08-20T16:39:01.000Z

i think just providing the hash root, the plugins could use object api to check

Answer 2 · 2015-08-24T13:00:30.000Z

that would make it a roundtrip hell though, probably not a good thing something we'd want widely installed constantly hammering requests.