[whatwg] Link Fingerprints (HTML version)

On Fri, 21 Mar 2008, Gervase Markham wrote:
>
> Some WHAT-WG participants may be aware of Link Fingerprints, which was a 
> way to embed the hash of a file in a link to that file, thereby ensuring 
> that the link user got only the exact file the link creator was 
> referring to. http://www.foo.com/file.zip#!sha256:09F9...
> 
> Implementing this idea was a Summer of Code project for Mozilla in 2007, 
> but the draft RFC received a chilly reception on various IETF mailing 
> lists. I have therefore reformulated Link Fingerprints as a simple 
> extension to HTML. This makes it useful in a smaller set of contexts, 
> but still hits the major use cases.
> <a href="http://www.foo.com/file.zip" checksum="sha256:09F9...">File</a>
> 
> The updated spec is here:
> http://www.gerv.net/security/link-fingerprints/
> Please read it for more detailed aims, rationale and behaviour.
> 
> Would the WHAT-WG be interested in looking at standardising this? 
> (Before anyone asks, the key difference between Link Fingerprints and 
> Content-MD5 is that the hash is served from a different server to the 
> file.)

This was discussed back in 2006:

   http://lists.whatwg.org/pipermail/whatwg-whatwg.org/2006-November/thread.html#7825

As far as I can tell, the issues raised in that thread are not yet 
addressed by the proposal above.

(Thanks to Philip` for finding that link.)

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

Received on Friday, 21 March 2008 16:29:57 UTC