- From: Mark Nottingham <mnot@yahoo-inc.com>
- Date: Tue, 3 Jul 2007 11:59:09 +1000
- To: Edward Lee <edilee@mozilla.com>
- Cc: "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
+1; standardising the format of metadata in a URI is bad practice. Yes, making the hash external to the link means you need some way to carry it -- such as another attribute -- but link metadata is a problem in other domains too, and piling it all into the URL is going to end up as a mess. Doing it this way makes the Web much more brittle, and just pushes the problem one step along -- if the links are compromised, the same risks are present. Please don't do this. On 2007/07/03, at 11:04 AM, Roy T. Fielding wrote: > > On Jul 2, 2007, at 4:21 PM, Edward Lee wrote: >> For Firefox 3, there are patches [1] that implement Link >> Fingerprints, >> which provide automatic resource verification for URIs that look like >> http://site.com/file#hash(sha256:abc123) so that link providers >> can be >> sure that end users download the exact file that the provider >> intended >> (and not a trojaned download). > > Identifiers should not be abused in this way. Adding metadata to a > URI > that is orthogonal to its identifying purpose duplicates the space of > references and splits the power of the resulting resources. The same > task can be accomplished better by specifying the hash in an attribute > of the link/anchor instead, and deploying that is far less likely to > confuse existing clients. > > ....Roy > > -- Mark Nottingham mnot@yahoo-inc.com
Received on Tuesday, 3 July 2007 01:59:56 UTC