Verifiable HTTP Gateway Responses

### Summary

Various organizations are exposing IPFS content via Public HTTP Gateways (eg. [Cloudflare](https://www.cloudflare.com/distributed-web-gateway/)). 

There are users who can't run local IPFS node, but still could get some guarantees provided by content-addressing if they have software capable of re-calculating CIDs from arbitratry payloads.  

This issue tracks ways we could do that.

### Problem statement

- It is not enough to "fetch data from gateway and calculate CID", as we don't know how DAG looked like, so if CID does not match, we don't know if it is false-negative. 
  - 2020Q4: CAR import/export seems to be the best solution to that problem (https://github.com/ipfs/in-web-browsers/issues/170).
  - 2021Q1: @aschmahmann proposed that we add support for hashes of "unchunked" files in [RFC|BB|L2-09/10 Handling arbitrarily large blocks and Treating files as large blocks](https://github.com/protocol/beyond-bitswap/pull/29)
    - This is  better than CAR, as does not require user agent to support CAR format and can verify regular responses based on URI alone

### Use Cases

- (UC1) Package Manager fetching archive from HTTP Gateway
- (UC2) User running [ipfs-companion](https://github.com/ipfs/ipfs-companion) or other browser extension
- (UC3) IoT / low power devices that are unable to use true p2p, but can reach HTTP gateways
- (UC4) Web browser that wants to natively delegate IPFS handling to public gateways, but provide users with integrity guarantees of IPFS

### Work

- [x] Research limitations of existing vendor-specific prior art
- [x] Research how to resolve CID of an arbitrary path and get insight into its DAG structure
    - A: :anger: additional lookup via local js-ipfs used only for that or fallback to `http://ipfs.io/api/v0/` 
    - B: :yellow_heart:  Gateway exposes all metadata required for Reproducible File Import via HTTP header, so no additional lookup is required
      - Gateway support for CAR export (https://github.com/ipfs/in-web-browsers/issues/170)  is a variant of this
    - C: :yellow_heart: UnixFS files identified using hash of the full content (https://github.com/protocol/beyond-bitswap/pull/29)
      - Improves on top of B because it does not require client to know/implement Unixfs/IPLD specifics, just read hash function type from CID and then compare it against the hash of entire file.
      - Requires separate provider records, so won't work for legacy data/links
- [ ] Gateway can return all parameters needed for re-building DAG during validation (or CID can be validated directly)
    - **BLOCKED** by https://github.com/ipfs/unixfs-v2/issues/15
    - Note: this may become not a problem if we switch approach to CAR import/export: https://github.com/ipfs/in-web-browsers/issues/170
       - if we are able to control the depth of CAR export, we could  have parallel streaming from multiple gateways
    - Note: alternative to CAR is  [RFC|BB|L2-08: Handle Arbitrary Block Sizes](https://github.com/protocol/beyond-bitswap/pull/29)
       - This is  better than CAR, as does not require user agent to support CAR format and can verify regular responses based on URI alone
- [ ] (UC1)(UC4) CLI tool is able to fetch HTTP payload and validate it against a CID in offline mode without need for a  full IPFS node
  - Highly useful for use in Package Managers
- [ ] (UC2) Browser Extension is able to validate HTTP payload against its CID
  - Limited by APIs provided by browser vendors, details tracked under IPFS Companion: https://github.com/ipfs-shipyard/ipfs-companion/issues/593
- [x] (UC3)(UC4) full DAG can be fetched from public gateway
  - CAR export built-in feature of HTTP gateways: https://github.com/ipfs/in-web-browsers/issues/170

### Resources

#### Prior Art

- (UC2) Cloudflare
   - [End-to-End Integrity with IPFS and DNSSEC](https://blog.cloudflare.com/e2e-integrity)
   - [cloudflare/ipfs-ext](https://github.com/cloudflare/ipfs-ext/) PoC IPFS Gateway Validator browser extension
     - supports only DAGs created with default settings (hash, chunker etc)

- https://tools.ietf.org/html/rfc6249: Metalink/HTTP: Mirrors and Hashes  
  Very relevant RFC, which provides HTTP-native semantics for returning Digest with the payload:
  ```
   Link: <http://example.com/example.ext.asc>; rel=describedby;
   type="application/pgp-signature"
   Digest: SHA-256=MWVkMWQxYTRiMzk5MDQ0MzI3NGU5NDEyZTk5OWY1ZGFmNzgyZTJlO
   DYzYjRjYzFhOTlmNTQwYzI2M2QwM2U2MQ==
  ```

#### IPFS 

- go-ipfs:  Gateway response is unverifiable by clients https://github.com/ipfs/go-ipfs/issues/1594
- Universal HTTP Gateway Validator in browser extension | https://github.com/ipfs-shipyard/ipfs-companion/issues/593
- Reproducible File Imports 
  - unixfsv1 has MetaData struct: [go-unixfs/pb/unixfs.proto#L24](https://github.com/ipfs/go-unixfs/blob/v1.2.11/pb/unixfs.proto#L24)
  - unixfsv2: https://github.com/ipfs/unixfs-v2/issues/15
- [RFC|BB|L2-09/10 Handling arbitrarily large blocks and Treating files as large blocks](https://github.com/protocol/beyond-bitswap/pull/29)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Verifiable HTTP Gateway Responses #128

Summary

Problem statement

Use Cases

Work

Resources

Prior Art

IPFS

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Verifiable HTTP Gateway Responses #128

Description

Summary

Problem statement

Use Cases

Work

Resources

Prior Art

IPFS

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions