- From: Mark Baker <distobj@acm.org>
- Date: Tue, 3 Jul 2007 09:32:52 -0400
- To: "Roy T. Fielding" <fielding@gbiv.com>
- Cc: "Edward Lee" <edilee@mozilla.com>, ietf-http-wg@w3.org
On 7/2/07, Roy T. Fielding <fielding@gbiv.com> wrote: > > On Jul 2, 2007, at 4:21 PM, Edward Lee wrote: > > For Firefox 3, there are patches [1] that implement Link Fingerprints, > > which provide automatic resource verification for URIs that look like > > http://site.com/file#hash(sha256:abc123) so that link providers can be > > sure that end users download the exact file that the provider intended > > (and not a trojaned download). > > Identifiers should not be abused in this way. Adding metadata to a URI > that is orthogonal to its identifying purpose duplicates the space of > references and splits the power of the resulting resources. The same > task can be accomplished better by specifying the hash in an attribute > of the link/anchor instead, and deploying that is far less likely to > confuse existing clients. Exactly my thoughts. It might look like this; <a href="http://site.com/file" hash="sha256:abc123">the file</a> Mark. -- Mark Baker. Ottawa, Ontario, CANADA. http://www.markbaker.ca Coactus; Web-inspired integration strategies http://www.coactus.com
Received on Tuesday, 3 July 2007 13:33:02 UTC