General security question on the frontend certified assets through the boundary nodes and service worker

nomeata · February 14, 2022, 9:18am

Yes, spot on. This is a known problem and I don’t think a complete solution is near. Essentially we have trust-on-first-use: As long as your first contact is uncompromised, later accesses work.

As you say, a proper solution likely needs a browser extension or a local proxy.

Topic		Replies	Views
Can the boundary nodes ever be decentralised and still guarantee a secure frontend? Developers	1	646	February 28, 2022
Let's talk about boundary nodes as a high-risk point of failure for the IC Developers Boundary-nodes	19	1666	September 5, 2023
The difference between raw.ic0.app and ic0.app Developers Boundary-nodes	4	1304	June 7, 2022
Frontend certification Developers	11	434	December 4, 2023
A single node provider might be able to take over Internet Identities, it seems General	4	776	April 1, 2022

General security question on the frontend certified assets through the boundary nodes and service worker

Related topics