[vixsomnis]

That is only an issue if we throw out the current system altogether.

What do you think of embedding IPFS links within html? Secure content can be directly loaded from the central server, content that only needs to be checked for integrity or hidden from the local network can be loaded from the distnet.

It'd be like mushing torrents and the web together.

[friendzis]

This way connection to origin server is still a SPoF without the ability to access ephemeral content. I think it would be a better (is it even in the realm of possibility?) alternative to do it the other way around: embed secure content inside Content Addressable Network (CAN). With Content Address you automagically get verification that at least the bank URI is intact. On top of that, CAN could aid in verifying root CA/server key pairs increasing TLS security. Well, at least for the duration of certificate validity. CRLs are again another story confirming that CANs, contrary to centralized ones (unless you are getting MITMed), have no way of indicating whether the content in question is current. On top of that, if majority of Alices direct peers are Malicious Malroys they have pretty good chances of convincing the network that Alice itself is acting maliciously and content updates from her are not to be trusted. Oversaturated example: Presidential elections with 49.9%/50.1% vote distribution.

[david_ar]

Integrating with the existing web is definitely one of the goals, see https://github.com/ipfs/ipfs.js