protection from malicious gateway? #2
Comments
Hi @jku, this issue is addressed in the latest update of the docs - https://github.com/JustinCappos/tuf-ipfs#issue-with-public-gateways. I should've brought this up in the last community meeting but completely forgot about it. Also, another workaround is having multiple hashes (e.g. sha256) along with the IPFS CID to be extra secure.
Thanks, new README makes a lot more sense. It would be even better if it explicitly stated that the current implementation is based on complete trust in the gateway (and maybe explained why this is the case and how it could be improved in future). I'm not focusing on this to downplay the work here at all: I filed this because to me these findings are the most important results of this work and should be really prominent -- stuff that Future Work will be based on. This looks fixed to me, feel free to close.
Hi @jku, I have added additional detail on the issue with gateways: https://github.com/JustinCappos/tuf-ipfs/tree/main#issue-with-public-gateways Please look at it and let me know your thoughts!
This is something I tried to ask in a community meeting when this was presented but maybe could not articulate...
I understand that IPFS is content addressable so the integrity check is built in. I understand the gateway ends up doing that integrity check just as a side effect of finding the content. But what prevents the gateway from returning something malicious?
I don't see this client verifying the IPFS hash in any way? Am I missing something?
I do see in TAP-19:
I didn't imagine it would mean trusting a remote server.