- From: Ian Hickson <ian@hixie.ch>
- Date: Fri, 21 Mar 2008 23:29:57 +0000 (UTC)
On Fri, 21 Mar 2008, Gervase Markham wrote: > > Some WHAT-WG participants may be aware of Link Fingerprints, which was a > way to embed the hash of a file in a link to that file, thereby ensuring > that the link user got only the exact file the link creator was > referring to. http://www.foo.com/file.zip#!sha256:09F9... > > Implementing this idea was a Summer of Code project for Mozilla in 2007, > but the draft RFC received a chilly reception on various IETF mailing > lists. I have therefore reformulated Link Fingerprints as a simple > extension to HTML. This makes it useful in a smaller set of contexts, > but still hits the major use cases. > <a href="http://www.foo.com/file.zip" checksum="sha256:09F9...">File</a> > > The updated spec is here: > http://www.gerv.net/security/link-fingerprints/ > Please read it for more detailed aims, rationale and behaviour. > > Would the WHAT-WG be interested in looking at standardising this? > (Before anyone asks, the key difference between Link Fingerprints and > Content-MD5 is that the hash is served from a different server to the > file.) This was discussed back in 2006: http://lists.whatwg.org/pipermail/whatwg-whatwg.org/2006-November/thread.html#7825 As far as I can tell, the issues raised in that thread are not yet addressed by the proposal above. (Thanks to Philip` for finding that link.) -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Friday, 21 March 2008 16:29:57 UTC