W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2007

Re: Standardizing Firefox's Implementation of Link Fingerprints

From: Anthony Bryan <albryan@comcast.net>
Date: Tue, 03 Jul 2007 18:15:35 +0000
To: "Mark Baker" <distobj@acm.org>, "Roy T. Fielding" <fielding@gbiv.com>
Cc: "Edward Lee" <edilee@mozilla.com>, ietf-http-wg@w3.org
Message-Id: <070320071815.27243.468A9247000AFBDB00006A6B2200761064020E979D0D040E@comcast.net>

 -------------- Original message ----------------------
From: "Mark Baker" <distobj@acm.org>
> 
> On 7/2/07, Roy T. Fielding <fielding@gbiv.com> wrote:
> >
> > On Jul 2, 2007, at 4:21 PM, Edward Lee wrote:
> > > For Firefox 3, there are patches [1] that implement Link Fingerprints,
> > > which provide automatic resource verification for URIs that look like
> > > http://site.com/file#hash(sha256:abc123) so that link providers can be
> > > sure that end users download the exact file that the provider intended
> > > (and not a trojaned download).
> >
> > Identifiers should not be abused in this way.  Adding metadata to a URI
> > that is orthogonal to its identifying purpose duplicates the space of
> > references and splits the power of the resulting resources.  The same
> > task can be accomplished better by specifying the hash in an attribute
> > of the link/anchor instead, and deploying that is far less likely to
> > confuse existing clients.
> 
> Exactly my thoughts.  It might look like this;
> 
> <a href="http://site.com/file" hash="sha256:abc123">the file</a>

There's the hash attribute: http://wiki.whatwg.org/wiki/Link_Hashes

Besides that for making automatic use of full file checksums, there is a hash microformat, and these link fingerprints, both of which are basically unused and also the Content-MD5 header and metalink which are in use. 

At some point/file size, a full file checksum is only so useful. It can tell you if there were 0 errors, or some, but no way to find where the error was so it can be repaired instead of re-downloading the whole file from the beginning. metalink contains full file checksums and also partial file checksums for repairing downloads.

-- 
(( Anthony Bryan ... Metalink [ http://www.metalinker.org ]
  )) Easier, More Reliable, Self Healing Downloads
Received on Tuesday, 3 July 2007 18:15:47 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:50:15 GMT