Should IPFS paths at different gateways share the same ipfs.files chroot? #453
Labels
area/window-ipfs
Issues related to IPFS API exposed on every page
status/deferred
Conscious decision to pause or backlog
topic/security
Work related to security
Comments
lidel
added
topic/security
12 tasks
|
I'm in favour of this. A DNSLINK ipns name is only as secure as the DNS layer, but https currently has the same issue. More generally I'm working on the theory that a CID is usefully equivalent to an Origin as it provides a built in mechanism to detect and fail on MITM style attacks... this snippet from the Origin spec is helpful
|
|
Note to self: we should park this until #593 lands. |
|
Closing due to #589 (comment) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
It gets really interesting when accessing
ipfs.filesviawindow.ipfsat IPNS site.I've run the snippet above at
/ipns/ipfs.ioand:https://ipfs.io/ipns/ipfs.io/creates
/dapps/https/ipfs.io/ipns/ipfs.io/test-from-ipfs.iohttp://127.0.0.1:8080/ipns/ipfs.io/creates
/dapps/http/127.0.0.1%3A8080/ipns/ipfs.io/test-from-127.0.0.1:8080Do we want to merge IPFS scopes (
/ipns/and/ipfs/) by removing HTTP component so that both above URLs will have access to the sameipfs.filesroot at/dapps/ipns/ipfs.io/?Pros:
ipfs.filesAPI and do not worry about the way user loads the dapp, no reports of "missing user data" if someone switches between gatewaysCons:
ipfs.filesvia ACL for this new gateway, it still won't work.window.ipfsis added by the extension, and the same extension automatically detects requests to IPFS Paths and replaces them with requests to either custom or public gateway defined in Preferences. This means malicious JS will never get loaded, as we use 'trusted' gateway instead, even when embedded js-ipfs is used.The text was updated successfully, but these errors were encountered: