For me it seems like the security is not really too excellent with this proposed system. For example if I make my own client to handle the download and send error message after the succesfull download the service thinks that there were a error but my client could still use the downloaded content fully.
Also what is the security model for the download server. For example if I just get the address of the content and deside to download it without informing any other servers here, I could get it totally free..
Have I missed something, or is it really like this ?