Nice job! It looks like the security of the protocol depends on how well the communication channels are protected (I suppose you assume protection by HTTPS or any other server authentication and channel encryption); otherwise, malicious actors may listen to and/or spoof the protocol messages. My question is: do you plan to use the Hive chain to hold information about the valid HAS servers and their public keys/certificates, or will the system depend on external certification entities? I mean the App may ask the Hive Blockchain for a list of valid HAS servers and all the information required to establish a secure connection with them.
Thank you for your feedback @mickiewicz
I go much further. HTTPS only secures its communication but not its content. The HAS protocol will use encryption extensively to validate the data exchanged between the parties.
It is important that the HAS server itself cannot access the content of the communications. If that were the case, it could easily modify the exchanged data and lure either the application or the Wallet app (PKSA).
This is a possible solution, but it is not planned at first.
No. The protocol was designed not to depend on any external entity and to allow full decentralization. It will work as we are used to with Hive API nodes. We can even imagine integrating HAS as a microservice deployed on each Hive API node.