[diggan]

> Upon further reading, it appears that it may be impossible to verify the security of an IPFS cached page

Not at all, rather the opposite, it's very easy to verify a page since the hash is based on the content.

You have file "ABC" that you want to download. So you fetch it and once you have it locally, you hash it yourself and you compare the hashes. If they are the same, you know you have the right thing. If they are different, someone is sending you bad content.

[drivingmenuts]

Re-read the original question. If someone is preventing access to the original page and the alternate is being served thru IPFS, there is no way to compare the original. The IPFS cached page becomes the authoritative page and could contain altered content, which the hash takes into account.

If the original page can perform the hash and embed it, that would somewhat alleviate the issue during the fetch, but do nothing to prove that the IPFS-served page was trustworthy or not, unless some third-party knows the original hash, as well.

If the page was served to the IPFS network, to be cached, by a neutral, trusted third-party, that would somewhat alleviate the problem, although there arises the problem of trust again.

The only way to minimize the trust issue is if the page originates from inside the IPFS network and is not a cached version of page originally served outside the network.