
Re: Standardizing Firefox's Implementation of Link Fingerprints

From: Roy T. Fielding <fielding@gbiv.com>
Date: Mon, 2 Jul 2007 18:04:22 -0700
Message-Id: <E72C532B-4219-4688-B1D9-17E34B9952A9@gbiv.com>
Cc: ietf-http-wg@w3.org
To: Edward Lee <edilee@mozilla.com>

On Jul 2, 2007, at 4:21 PM, Edward Lee wrote:
> For Firefox 3, there are patches [1] that implement Link Fingerprints,
> which provide automatic resource verification for URIs that look like
> http://site.com/file#hash(sha256:abc123) so that link providers can be
> sure that end users download the exact file that the provider intended
> (and not a trojaned download).

Identifiers should not be abused in this way.  Adding metadata to a URI
that is orthogonal to its identifying purpose duplicates the space of
references and splits the power of the resulting resources.  The same
task can be accomplished better by specifying the hash in an attribute
of the link/anchor instead, and deploying that is far less likely to
confuse existing clients.

Received on Tuesday, 3 July 2007 01:03:36 UTC
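
The two ways of carrying the digest discussed in this message, as an added Node.js example that is not part of the original e-mail or of the Firefox patches. The attribute name `data-hash`, the function names and the sample file contents are assumptions made for illustration; only the `#hash(sha256:...)` fragment syntax comes from the quoted text.

```javascript
// Added example: hypothetical names throughout, constructed sample data.
const { createHash } = require('node:crypto');

// "sha256:<hex>" is the only spec form handled here.
function parseSpec(spec, target) {
  const m = /^(sha256):([0-9a-f]+)$/i.exec(spec || '');
  return m ? { target, algo: m[1].toLowerCase(), digest: m[2].toLowerCase() } : null;
}

// Form 1: fingerprint inside the fragment, http://site.com/file#hash(sha256:...)
function fromFragment(uri) {
  const u = new URL(uri);
  const m = /^hash\((.*)\)$/.exec(u.hash.slice(1));
  u.hash = ''; // the resource to fetch is the URI without the fragment
  return m ? parseSpec(m[1], u.href) : null;
}

// Form 2: fingerprint in a link attribute ("data-hash" is an assumed name);
// the URI itself is left untouched.
function fromAttribute(link) {
  return parseSpec(link['data-hash'], new URL(link.href).href);
}

// Accept the downloaded body only if its full SHA-256 digest matches.
function verify(body, expected) {
  if (!expected || expected.digest.length !== 64) return false; // reject truncated digests
  return createHash('sha256').update(body).digest('hex') === expected.digest;
}

// How many distinct reference strings a set of links uses.
function distinctReferences(hrefs) {
  return new Set(hrefs).size;
}

// Constructed sample: a three-byte "file" and its SHA-256 digest.
const BODY = Buffer.from('abc');
const DIGEST = 'ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad';
const PLAIN = 'http://site.com/file';
const FRAGMENT_LINK = `${PLAIN}#hash(sha256:${DIGEST})`;
const ATTRIBUTE_LINK = { href: PLAIN, 'data-hash': `sha256:${DIGEST}` };

// Both forms verify the same bytes and reject altered ones.
console.log(verify(BODY, fromFragment(FRAGMENT_LINK)), verify(BODY, fromAttribute(ATTRIBUTE_LINK)));
console.log(verify(Buffer.from('abd'), fromFragment(FRAGMENT_LINK)));
// Fragment form: a plain link and a fingerprinted link are two different references.
console.log(distinctReferences([PLAIN, FRAGMENT_LINK]));
// Attribute form: both links carry the same reference.
console.log(distinctReferences([PLAIN, ATTRIBUTE_LINK.href]));
```
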
