[whatwg] validate attribute in <A>

Mike Hoye mhoye at neon.polkaroo.net
Thu Jan 26 10:55:31 PST 2006


On Thu, Jan 26, 2006 at 06:15:06AM +0600, Alexey Feldgendler wrote:
> On Thu, 26 Jan 2006 03:14:07 +0600, Mike Hoye <mhoye at neon.polkaroo.net>  
> wrote:
> >The validate attribute would describe an algorithm to employ and a result
> >to compare it to; for example, somebody downloading the en-US version
> >of FF 1.5 from the Mozilla.com homepage could click on a link like
> >
> >[a href="http://foo.com/mozilla-i686.tgz"
> > validate="{md5}b63fcdf4863e59c93d2a29df853b6046"]
> >
> >and the client could verify as it comes in that it does at least have
> >the md5sum that's advertised.  User notifications could include "no
> >validation", "successfully validated" and "failed validation", and act
> >according to the user's wishes in each case.
> 
> This can only be useful on the pages like "Select a mirror to download the  
> file from".

It's also useful in places where that choice is made for you behind the
scenes, which is more and more frequently the case. When I click on the
link on mozilla.com, for example, I start downloading a file from any
one of a (presumably large) number of places - for the naive end user,
there's not yet an easy way to be reasonably confident that this file
you're downloading from ftp.rz.tu-bs.de (sometimes something with the
word "mozilla" in the name, sometimes netscape, sometimes just an IP
address) is the file you're supposed to be getting.

I fact, now that I look at it, FF 1.5 doesn't even tell you where that
file is coming from, or notify you that it's not coming from mozilla.com
- it just pulls it in.

> Also, the user agent UI should make it clear when indicating a "valid"  
> download that the downloaded file is "considered valid by mozilla.com",  
> and not just "valid".

That's a good point; something like that could go into the download
manager dialog.
 
> I think that another one, probably more useful, attribute for <a> should  
> be "filesize" or something like that.

I think hash-validation would be a better approach, since filesize
verification is (in a sense) implicit. You still incur the bandwidth
cost, but if you're protecting against malicious downloads, filesize
is a much, much easier thing to fake. (bring back pkfluff!)

-- 
"ALL programs are poems, it's just that not all programmers are poets."
- Jonathan Guthrie



More information about the whatwg mailing list