- From: Roy T. Fielding <fielding@gbiv.com>
- Date: Mon, 2 Jul 2007 18:04:22 -0700
- To: Edward Lee <edilee@mozilla.com>
- Cc: ietf-http-wg@w3.org
On Jul 2, 2007, at 4:21 PM, Edward Lee wrote: > For Firefox 3, there are patches [1] that implement Link Fingerprints, > which provide automatic resource verification for URIs that look like > http://site.com/file#hash(sha256:abc123) so that link providers can be > sure that end users download the exact file that the provider intended > (and not a trojaned download). Identifiers should not be abused in this way. Adding metadata to a URI that is orthogonal to its identifying purpose duplicates the space of references and splits the power of the resulting resources. The same task can be accomplished better by specifying the hash in an attribute of the link/anchor instead, and deploying that is far less likely to confuse existing clients. ....Roy
Received on Tuesday, 3 July 2007 01:03:36 UTC