Quote from: zipslack on November 28, 2010, 08:53:00 AM
I suppose you are referring to the checkpoints? If so, as I understand it, they are only applied while verifying a block which has been downloaded. The contents of blk0001.dat and blkindex.dat are never checked by the client, because the client is designed to check that data before it gets written to those files.
Not quite true. “-checkblocks” (CheckBlock()) performs quite a few checks on the contents of blk0001.dat / blkindex.dat. AcceptBlock() does a bit more, adding context, but not much more. But let’s ignore that for the moment.
I think a more important point you’re missing is that nobody is proposing that verification be skipped. The bitcoin code is quite capable of verifying and indexing untrusted blk0001.dat data. It would just need a few modifications to behave sensibly if blkindex.dat is missing.
The proposal is simply: don’t download massive amounts of uncompressed data using a protocol (bitcoin P2P) that wasn’t designed for bulk data transfer.
The client is clearly capable of verifying the cryptographic integrity of blk0001.dat from an untrusted source, because it does that for blocks coming in over the network, and blk0001.dat contains… serialized blocks originally received from untrusted sources over the network.
It does not seem overly difficult to pass in blk0001.dat file position data to ProcessBlock(), and simply skip the WriteToDisk() storage call in downstream callee AcceptBlock().