- From: Ian Hickson <ian@hixie.ch>
- Date: Fri, 19 Oct 2012 19:34:18 +0000 (UTC)
- To: "A. Rauschenbach" <rauschenbach@annuo.de>, "Tab Atkins Jr." <jackalmage@gmail.com>
- Cc: Whatwg <whatwg@whatwg.org>

On Fri, 19 Oct 2012, A. Rauschenbach wrote:
>
> If I write an article and link to other documents I want a solution that
> the visitor can be sure that the document he opens is the document I
> originally linked to. (And if it's not he gets informed. So he knows that
> the information may differ from the one the article talks about.)

I don't think this is something that would be very practical. As Tab says, pages change a _lot_. You'd just always be getting a warning that the page had changed, even if the important content had not.

> The second point is that verification if a file was downloaded correctly
> is a computer task not a human task. A standard how to give the
> verification information enables the browser/plugin vendors to do this
> task.

If the file is downloaded over TLS, then it's already verified.

Pretty much any attack scenario in which the file can be corrupted (man-in-the-middle, server-side corruption, client-side corruption, etc) can attack the file just as easily as the hash, so there's not really any gain from checking a hash. (This applies equally well to manual checking.)

Providing such a feature would, in most cases, just give users a false sense of security.

--
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

Received on Friday, 19 October 2012 19:34:44 UTC
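
The two objections in the message above, as an added example that is not part of the original e-mail: a hash carried in a link warns on any byte change to the target, and the check passes when whoever altered the file also altered the hash delivered over the same path. The function names, the `hash` field on the link and the sample documents are all constructed for illustration.

```javascript
const crypto = require('node:crypto');

const sha256 = (data) => crypto.createHash('sha256').update(data).digest('hex');

// Hypothetical client-side check: compare the fetched body with the hash
// that the linking article carried for it.
function verifyLinked(expectedHash, body) {
  return sha256(body) === expectedHash;
}

// Constructed sample: an article that links to a target and embeds its hash.
function publish(target) {
  return { article: { href: '/report.html', hash: sha256(target) }, target };
}

// Objection 1: the target changes in a way that does not matter to the
// article (here, a footer date), yet the reader is warned anyway.
function benignChangeWarns() {
  const { article } = publish('<p>Key finding.</p><footer>2012-10-18</footer>');
  const later = '<p>Key finding.</p><footer>2012-10-19</footer>';
  return !verifyLinked(article.hash, later);
}

// Objection 2: a party able to rewrite the file on some path can rewrite a
// hash that travels over that same path, so both arrive consistent.
function tamperBoth(response, newBody) {
  return {
    article: { ...response.article, hash: sha256(newBody) },
    target: newBody,
  };
}

function tamperingPasses() {
  const sent = publish('installer v1');
  const received = tamperBoth(sent, 'installer v1 with modification');
  return verifyLinked(received.article.hash, received.target);
}

console.log('warning on unimportant change:', benignChangeWarns());
console.log('check passes after file and hash are both altered:', tamperingPasses());
```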