- From: Mikko Rantalainen <mikko.rantalainen@peda.net>
- Date: Wed, 24 Oct 2012 09:11:15 +0300
- To: whatwg@lists.whatwg.org
Anne van Kesteren, 2012-10-19 14:57 (Europe/Helsinki):
> On Fri, Oct 19, 2012 at 1:50 PM, A. Rauschenbach <rauschenbach@annuo.de> wrote:
>> I'm sick of copying the checksum of important files by hand or QR-code to the
>> download manager or console.
>>
>> To solve the problem I suggest a checksum attribute in the <a href> tag.
>>
>> example: <a href="http://example.com/important.file"
>> checksum="MD5:32c3675211199b671fbca1304d819289;SHA1:6e1ddeede3979c953788a3499616af35ee5fd772">download</a>
>>
>> Another advantage is that your visitors (browser) can verify that the
>> document (e.g. a pdf) you linked to is still the same.
>
> If you serve important files over HTTP without TLS I don't think a
> checksum is going to help anyone much.

Checksum can help even with encrypted connections.

Example scenario:

User connects to https://download.manufacturer.com/ and clicks link
<a href="phone-firmware-15.img" checksum="MD5:32c3675211199b671fbca1304d819289;SHA1:6e1ddeede3979c953788a3499616af35ee5fd772">Firmware version 15</a>

The download then starts and file gets saved to the filesystem. However, the system has memory corruption and despite the fact that the file got to the user agent intact, the file will end up as corrupted to the filesystem. However, if user agent had computed and verified the checksum after re-reading the file back from the local filesystem, it would have noticed the error.

You might think that memory corruption is rare but trust me, it happens often enough to be worried about. After it has bitten you once, you learn to be paranoid about that. I'm speaking from experience here - I once had a memory corruption that caused three bits (out of 8GB) to randomly fail and that caused filesystem data corruption. And I had already been running a memory tester (memtest86) for a day without errors after I had installed the memory so I assumed it would be fine.

Search for "git corrupt" for more evidence from real world software developers and remember that software developers are usually using high quality hardware.

You don't want to fail with an important opaque file such as a firmware image. Hopefully the firmware image will contain internal checksum but it wouldn't hurt if the problem were found before trying to flash the image.

-- 
Mikko
Received on Wednesday, 24 October 2012 06:11:41 UTC
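
Added example, not part of the original message or of any browser: a Python version of the check the message describes, parsing the proposed `checksum` attribute value and verifying the file after re-reading it from disk. The function names, the label-to-`hashlib` mapping and the constructed payload are assumptions; the attribute itself exists only as a proposal in this thread.

```python
import hashlib
import os
import tempfile

# Labels from the proposal's example value, mapped to hashlib names (assumed mapping).
ALGORITHMS = {"MD5": "md5", "SHA1": "sha1"}

def parse_checksum_attr(value):
    """Parse 'ALG:hex;ALG:hex' into {hashlib_name: lowercase_hex_digest}."""
    expected = {}
    for part in filter(None, (p.strip() for p in value.split(";"))):
        label, sep, digest = part.partition(":")
        name = ALGORITHMS.get(label.strip().upper())
        digest = digest.strip().lower()
        if not sep or name is None:
            raise ValueError(f"unsupported checksum entry: {part!r}")
        if len(digest) != hashlib.new(name).digest_size * 2:
            raise ValueError(f"wrong digest length for {label}")
        bytes.fromhex(digest)  # raises ValueError if not hexadecimal
        expected[name] = digest
    if not expected:
        raise ValueError("checksum attribute lists no digests")
    return expected

def verify_saved_file(path, attr_value, chunk_size=65536):
    """Re-read the saved file and return the algorithms whose digest mismatches."""
    expected = parse_checksum_attr(attr_value)
    hashers = {name: hashlib.new(name) for name in expected}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return [n for n, h in hashers.items() if h.hexdigest() != expected[n]]

def demo():
    """Constructed sample: verify an intact file, flip one bit on disk, verify again."""
    payload = b"constructed firmware image\n" * 1024
    attr = f"MD5:{hashlib.md5(payload).hexdigest()};SHA1:{hashlib.sha1(payload).hexdigest()}"
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "phone-firmware-15.img")
        with open(path, "wb") as f:
            f.write(payload)
        intact = verify_saved_file(path, attr)
        with open(path, "r+b") as f:  # simulate a single-bit corruption
            f.seek(4096)
            f.write(bytes([payload[4096] ^ 0x01]))
        corrupted = verify_saved_file(path, attr)
    return intact, corrupted
```

A read issued right after the write is usually served from the operating system's page cache, so this catches corruption that happened before the data reached the cache but not necessarily a fault on the storage medium itself.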