- From: Ian Hickson <ian@hixie.ch>
- Date: Fri, 19 Oct 2012 16:49:01 +0000 (UTC)
- To: "A. Rauschenbach" <rauschenbach@annuo.de>
- Cc: Whatwg <whatwg@whatwg.org>
On Fri, 19 Oct 2012, A. Rauschenbach wrote: > > I'm sick of coping the checksum of important files by hand or QR-code to > the download manager or console. > > To solve the problem I suggest a checksum attribute in the <a href> tag. > > example: <a href="http://example.com/important.file" > checksum="MD5:32c3675211199b671fbca1304d819289;SHA1:6e1ddeede3979c953788a3499616af35ee5fd772">download</a> > > Another advantage is that your visitors (browser) can verify that the > document (e.g. a pdf) you linked to is still the same. What is the attack scenario you are trying to avoid? Without a discussion of what problem you're trying to solve, it's unclear how to evaluate the proposal. The idea of a hash="" or checksum="" attribute on <a href> has come up before -- about once a year, as far as I can tell! -- but it's always been found lacking in one way or another. e.g.: http://lists.w3.org/Archives/Public/public-whatwg-archive/2006Nov/thread.html#msg233 http://lists.w3.org/Archives/Public/public-whatwg-archive/2007Jul/0049.html http://lists.w3.org/Archives/Public/public-whatwg-archive/2008Dec/0376.html (in the third one, search for "fingerprint".) -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Friday, 19 October 2012 16:49:33 UTC