Gateway response is unverifialbe by clients

[krl]

In some discussions i realized that the response we get from the gateways are not verifiable to the hash requested. This is because gateways only transmit the concatenated data portions of the tree.

A solution to this could be having an extra header in the response, that is a description of the tree-structure of the file, including all the bytes that did not make it into the response body, and the offsets into the body. When these are concatenated, we could hash it client side, and be sure we got the right thing.

This is mostly of interest for browser plugins. Thoughts on this?

[jbenet]

i think just providing the hash root, the plugins could use object api to check

[krl]

that would make it a roundtrip hell though, probably not a good thing something we'd want widely installed constantly hammering requests.