[whatwg] hash Attribute
Michel Fortin
michel.fortin at michelf.com
Wed Nov 8 04:53:55 PST 2006
Le 8 nov. 2006 à 0:42, XcomCoolDude a écrit :
> How about a hash attribute for all elements that link to external
> files (a, img, etc.)?
>
> It would allow you to pass an MD5, SHA-1, SHA-256, or other hash to
> a user-agent for automatic comparison with the linked file.
>
> I'd suggest a format where the hash algorithm is listed, followed
> by a forward slash and then the hash itself
>
> Examples:
> hash="MD5/9e107d9d372bb6826bd81d3542a419d6"
> hash="SHA-1/2fd4e1c6 7a2d28fc ed849ee1 bb76e739 1b93eb12"
> hash="SHA-256/d7a8fbb3 07d78094 69ca9abc b0082e4f 8d5651e4 6d3cdb76
> 2d02d0bf 37c9e592"
I wonder if "checksum" wouldn't be a better name: it contains the
word "check" which better describe the purpose of the whole thing.
But whatever the name, I like the idea of having an automatic mean
for the browser to check the validity of downloaded documents. Many
download pages already offer such checksums, but I rarely take the
time to check manually after the download.
Charles Iliya Krempeaux suggested to include the hash as an HTTP
header. This would cover the case of an error in the transmission of
a document, but it wouldn't in the case a file got maliciously
modified on the server. In many cases, the web page for downloading
the file is on a different server than the file itself; by providing
the hash on the download page and checking it against the actual file
you've received you get additional security against malicious file
substitutions. This becomes increasingly important when files are
mirrored on a couple of servers at different locations.
Michel Fortin
michel.fortin at michelf.com
http://www.michelf.com/
More information about the whatwg
mailing list