Re: [whatwg] checksum attribute in a href tag

On Fri, Oct 19, 2012 at 11:46 AM, A. Rauschenbach <rauschenbach@annuo.de> wrote:
> Am 2012-10-19 18:49, schrieb Ian Hickson:
>> What is the attack scenario you are trying to avoid?
>>
>> Without a discussion of what problem you're trying to solve, it's unclear
>> how to evaluate the proposal.
>>
>> The idea of a hash="" or checksum="" attribute on <a href> has come up
>> before -- about once a year, as far as I can tell! -- but it's always been
>> found lacking in one way or another.
>>
> I don't want to avoid any attack scenario!
>
> I want trusted information.
>
> If I write an article and link to other documents I want a solution that the
> visitor can be sure that the document he opens is the document I originally
> linked to. (And if its not he gets informed. So he knows that the
> information maybe differ from the one the article talks about.)

That's also an attach scenario. ^_^

I doubt it would be very useful to use this for confirming that
arbitrary destination pages are the same.  Those can change in minor,
unimportant ways all the time; a lot of pages include some form of
dynamic content that means they'll almost *never* be exactly the same
from pageload to pageload.  It seems highly likely that trying to use
a checksum for this scenario would simply result in the browser
over-warning people, thus making the warning useless.

Using it specifically to defend against attack scenarios in
*downloads*, on the other hand, is more likely to be useful.
Downloads don't change nearly as much as pages do, so a change is more
likely to be a result of something you don't want, rather than simply
something incidental.

However, check out the threads that Hixie referenced.  The upsides and
downsides of something like this have been discussed quite a bit
already.

~TJ

Received on Friday, 19 October 2012 19:22:58 UTC