Re: Standardizing Firefox's Implementation of Link Fingerprints

 -------------- Original message ----------------------
From: "Mark Baker" <distobj@acm.org>
> 
> On 7/2/07, Roy T. Fielding <fielding@gbiv.com> wrote:
> >
> > On Jul 2, 2007, at 4:21 PM, Edward Lee wrote:
> > > For Firefox 3, there are patches [1] that implement Link Fingerprints,
> > > which provide automatic resource verification for URIs that look like
> > > http://site.com/file#hash(sha256:abc123) so that link providers can be
> > > sure that end users download the exact file that the provider intended
> > > (and not a trojaned download).
> >
> > Identifiers should not be abused in this way.  Adding metadata to a URI
> > that is orthogonal to its identifying purpose duplicates the space of
> > references and splits the power of the resulting resources.  The same
> > task can be accomplished better by specifying the hash in an attribute
> > of the link/anchor instead, and deploying that is far less likely to
> > confuse existing clients.
> 
> Exactly my thoughts.  It might look like this;
> 
> <a href="http://site.com/file" hash="sha256:abc123">the file</a>

There's the hash attribute: http://wiki.whatwg.org/wiki/Link_Hashes

Besides that for making automatic use of full file checksums, there is a hash microformat, and these link fingerprints, both of which are basically unused and also the Content-MD5 header and metalink which are in use. 

At some point/file size, a full file checksum is only so useful. It can tell you if there were 0 errors, or some, but no way to find where the error was so it can be repaired instead of re-downloading the whole file from the beginning. metalink contains full file checksums and also partial file checksums for repairing downloads.

-- 
(( Anthony Bryan ... Metalink [ http://www.metalinker.org ]
  )) Easier, More Reliable, Self Healing Downloads

Received on Tuesday, 3 July 2007 18:15:47 UTC