Re: Standardizing Firefox's Implementation of Link Fingerprints

On 7/2/07, Roy T. Fielding <fielding@gbiv.com> wrote:
>
> On Jul 2, 2007, at 4:21 PM, Edward Lee wrote:
> > For Firefox 3, there are patches [1] that implement Link Fingerprints,
> > which provide automatic resource verification for URIs that look like
> > http://site.com/file#hash(sha256:abc123) so that link providers can be
> > sure that end users download the exact file that the provider intended
> > (and not a trojaned download).
>
> Identifiers should not be abused in this way.  Adding metadata to a URI
> that is orthogonal to its identifying purpose duplicates the space of
> references and splits the power of the resulting resources.  The same
> task can be accomplished better by specifying the hash in an attribute
> of the link/anchor instead, and deploying that is far less likely to
> confuse existing clients.

Exactly my thoughts.  It might look like this;

<a href="http://site.com/file" hash="sha256:abc123">the file</a>

Mark.
-- 
Mark Baker.  Ottawa, Ontario, CANADA.         http://www.markbaker.ca
Coactus; Web-inspired integration strategies  http://www.coactus.com

Received on Tuesday, 3 July 2007 13:33:02 UTC