GitHub issue: https://github.com/dfinity/certified-assets/issues/10 I’m getting near the end of implementing partial responses for asset canisters, which allows more advanced streaming of audio and video content. My solution is working well locally, and I’ve deployed the new asset canister to produ…

I believe that would work for the podcasting use case if there is a URL exposed for non-certified uses. .raw has been working well for me so far.

I don’t think the discussion is about how to implement the streaming anymore, it seems clear it’s best done in a much more scalable/secure manner outside of the assets canister. Unfortunately it looks like we’ll have to wait a while to get this working, so I just want the boundary nodes to not filt…

[image] levi: Anyone can make setup uncertified streaming now without the certified-assets canister You still need to implement partial responses, my solution does this from a canister. I don’t care where it’s done (except I want the best solution possible) it just needs to be done. I have a…

[image] jplevyak: Range queries can’t be certified, so it doesn’t make sense to try to handle them in the “certified assets” canister. There are certification schemes that support that, using suitable hash functions, and we did consider them back then before we settled on this certification M…

Thanx for the pointer! I had wondered if rolling hashes or something could do it. We want to have certification checking by default with opt out for raw.ic0.app via icx-proxy where the opt out would itself be certified. We could pass the headers but currently there is no way to certify the Range…

[image] jplevyak: We have an automatic chunking system for uploads and downloads and we can use that for reading certified chunks in the service worker and icx-proxy This sounds like exactly what I need.

HI, @nomeata :slight_smile: Why is the SHA-256 hash stored for each asset and validated on service-worker? I’m not expert, but isn’t it enough that the service worker checks the IC-certificates in the headers of asset (to avoid data spoofing) for “certification”? For example about sha: if I load…

I don’t quite understand the question. The certification needs to build a trust path between something that the user (the service work) knows, namely the IC root key, and the file just loaded. This involves a few steps (root public key → subnet public key → subnet state merkle tree root → subnet sta…

Now everything is clear for me, thanks a lot!

[image] nomeata: There are certification schemes that support that, using suitable hash functions, and we did consider them back then before we settled on this certification MVP because we needed something simple. But I wouldn’t say it’s impossible, we could extend our protocol here. See, e.g. …

Boundary node http response headers

Developers

paulyoung February 11, 2022, 12:25am 43

This sounds like exactly what I need.

New crate: ic-auth-tokens

Topic		Replies	Views
Range headers being stripped out Developers	34	1192	September 7, 2024
ERR_HTTP2_PROTOCOL_ERROR for assets on canister Developers Bug	29	557	March 8, 2024
Can't host podcasts from canisters Developers	9	655	February 22, 2024
Content Filtering via Boundary Nodes Developers	23	3172	February 7, 2023
Service Worker Bug? Body does not pass verification Developers	23	3130	August 4, 2022

Boundary node http response headers

Related topics