W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2007

Re: Standardizing Firefox's Implementation of Link Fingerprints

From: Mark Baker <distobj@acm.org>
Date: Tue, 3 Jul 2007 09:32:52 -0400
Message-ID: <e9dffd640707030632h6763a79atebc80a3515aeb190@mail.gmail.com>
To: "Roy T. Fielding" <fielding@gbiv.com>
Cc: "Edward Lee" <edilee@mozilla.com>, ietf-http-wg@w3.org

On 7/2/07, Roy T. Fielding <fielding@gbiv.com> wrote:
>
> On Jul 2, 2007, at 4:21 PM, Edward Lee wrote:
> > For Firefox 3, there are patches [1] that implement Link Fingerprints,
> > which provide automatic resource verification for URIs that look like
> > http://site.com/file#hash(sha256:abc123) so that link providers can be
> > sure that end users download the exact file that the provider intended
> > (and not a trojaned download).
>
> Identifiers should not be abused in this way.  Adding metadata to a URI
> that is orthogonal to its identifying purpose duplicates the space of
> references and splits the power of the resulting resources.  The same
> task can be accomplished better by specifying the hash in an attribute
> of the link/anchor instead, and deploying that is far less likely to
> confuse existing clients.

Exactly my thoughts.  It might look like this;

<a href="http://site.com/file" hash="sha256:abc123">the file</a>

Mark.
-- 
Mark Baker.  Ottawa, Ontario, CANADA.         http://www.markbaker.ca
Coactus; Web-inspired integration strategies  http://www.coactus.com
Received on Tuesday, 3 July 2007 13:33:02 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:50:15 GMT