I understood that the execution layer signs the replicated state with threshold BLS signature. I want to call the canister(update call) from a browser and verify the return value with the subnet’s public key. Do I need to implement it using mo:base/CertifiedData like in the example?
If mo:base/CertifiedData is not used, will the state be signed with a threshold BLS signature?
If I don’t use mo:base/CertifiedData and call it with update call, is it might the return value be tampered with?
I found the following thread in 2021. However, I could not understand it exactly. Do you have any easy-to-understand documentation?
Yes, it only verifies the frontend, but that is because it doesn’t need to do anything else. The service worker only cares about HTTP requests, which are sort-of equivalent with query calls to the function http_request. If you want to make an update call from your frontend, you will use e.g. the JS agent (which you get via the frontend content). The JS agent then checks that the update call is properly signed by the IC, so the service worker doesn’t have to do the same verification
Anything from Motoko is only relevant if you write a canister/backend. What you were asking about is the agent/frontend side. If you want to write a canister then you have to think about certification, but not otherwise