Hi,

Is it possible for the following situation to happen?
If so, why not?

  1. server A is authentic
  2. server M is malicious, it tries to trick the client into
     installing an incorrect substitute
  3. (key of) server A is authorised
  4. (key of) server M is _not_ authorised
  5. server A and M are both in substitute-urls
  6. server A only serves ‘classical’ substitutes, server B also serves
     via ERIS+ipfs
  7. Both A and M set the same FileHash, References, etc. in the
     narinfo
  8. However, M set an ERIS URN pointing to a backdoored substitute.
  9. The client trusts A, and A and B have the same FileHash etc.,
     so the client considers the narinfo of B to be authentic
     because it has the same FileHash.
 10. The client prefers ERIS above HTTP(S), so it downloads via M.
 11. The client now installed a backdoored substitute!

Greetings,
Maxime.