2019-02-24 UTC
#
fr33domlover the delegation from IPFS, verify its own signature on it, and decide to trust it. But in practice, this holds only if you really do literally fetch it from IPFS every time. If you use a local separate cache of all delegations you've granted, you can just look there instead (no need for network requests, no need to verify signatures), and we're back to the case where the delegation JSON isn't really used.