Ohh, that's very informative. I hadn't thought about the directory path addressing within the hash, nor the DNSSEC issue. Or that there would need to be extra support on the gateway's side. Is there a reason why @IPFSbot didn't pull the changes upstream for other gateways to use?
Replying to @agentofuser @brave and
If you can get the user to run some code, they'd rather that code be an IPFS node. Or, at least *more* of an IPFS node.
Replying to @BrenTwentyTen @brave and
Yeah it would be better for people to run a peer in the browser than just a gateway-validator, but that's not always possible. (And using Cloudflare's gateway via onion alt-svc doesn't leak metadata.) If (vanilla) gateways *cannot* be validated that's a show-stopping sec bug IMO.
Replying to @agentofuser @BrenTwentyTen and
CID validation without running IPFS node is possible, but requires additional metadata about DAG creation (Cloudflare E2E works only for default hash/add parameters). We track Verifiable HTTP Gateway Responses at https://github.com/ipfs/in-web-browsers/issues/128 … (also see Reproducible File Imports)
Replying to @lidelOrg @BrenTwentyTen and
Very encouraging, thank you! While we wait for CID "validatability" to reach other gateways, an intermediate step would be for Brave to support @Cloudflare's validator ext so that at least 1 gateway can be used for webapps with higher trust reqs. How big a change would be needed?
Replying to @agentofuser @BrenTwentyTen and
I am afraid one can't reliably verify CID payload without running IPFS node atm. validator ext is just a PoC: it hardcodes assumption of sha256 (things hashed with different alg. or chunker will produce false-negatives) and depends on filterResponseData API that is Firefox-only
Replying to @lidelOrg @agentofuser and
What API do you need? Firefox-only is not going to scale.
Replying to @BrendanEich @lidelOrg and
This is the API we use: https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/webRequest/filterResponseData …
Replying to @BrenTwentyTen @lidelOrg and
Thanks. While we could add that to Brave, my q was more about what you plan to use on Chrome and chromium-based browsers.
Replying to @BrendanEich @lidelOrg and
I'm not aware of a way to make the extension work on Chrome. That API is the linchpin
Is there a Chromium issue? Where can we help voice the need for this?
Replying to @dietrich @BrendanEich and
Probably these two: - https://bugs.chromium.org/p/chromium/issues/detail?id=104058 … - https://bugs.chromium.org/p/chromium/issues/detail?id=487422 …
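
The false-negative problem raised in the thread (a validator that assumes sha256 over the raw response) can be avoided by reading the hash function and content type out of the CID itself and refusing to judge what it cannot check. The following is an added example, not code from the Cloudflare extension or from IPFS; the function names and the three-state result are assumptions, and it only covers single raw blocks, since chunked files need the DAG metadata mentioned above.

```python
import base64
import hashlib

RAW, DAG_PB = 0x55, 0x70                      # multicodec content types
HASHES = {0x12: hashlib.sha256, 0x13: hashlib.sha512}  # sha2-256, sha2-512

def read_varint(buf, pos):
    """Decode one unsigned varint; return (value, next position)."""
    value = shift = 0
    while True:
        byte = buf[pos]
        value |= (byte & 0x7F) << shift
        pos, shift = pos + 1, shift + 7
        if not byte & 0x80:
            return value, pos

def parse_cidv1(cid):
    """Split a base32 CIDv1 string into (codec, hash code, digest)."""
    if not cid.startswith("b"):
        raise ValueError("expected multibase prefix 'b' (base32)")
    text = cid[1:].upper()
    raw = base64.b32decode(text + "=" * (-len(text) % 8))
    version, pos = read_varint(raw, 0)
    if version != 1:
        raise ValueError("not a CIDv1")
    codec, pos = read_varint(raw, pos)
    hash_code, pos = read_varint(raw, pos)
    length, pos = read_varint(raw, pos)
    if len(raw) - pos != length:
        raise ValueError("digest length does not match multihash header")
    return codec, hash_code, raw[pos:]

def check_gateway_body(cid, body):
    """Return 'verified', 'mismatch' or 'unsupported' for a response body."""
    codec, hash_code, digest = parse_cidv1(cid)
    # dag-pb (chunked files): the hash covers the DAG node, not the file
    # bytes, so hashing the body would report a false mismatch.
    if codec != RAW or hash_code not in HASHES:
        return "unsupported"
    return "verified" if HASHES[hash_code](body).digest() == digest else "mismatch"

def make_cid(body, codec=RAW, hash_code=0x12):
    """Build a constructed sample CID (codes < 0x80 fit in one varint byte)."""
    digest = HASHES.get(hash_code, hashlib.sha256)(body).digest()
    raw = bytes([1, codec, hash_code, len(digest)]) + digest
    return "b" + base64.b32encode(raw).decode().lower().rstrip("=")
```

A caller should treat "unsupported" as "not validated" rather than as tampering; only "mismatch" means the gateway returned bytes that do not match the CID.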