[whatwg] Link Fingerprints (HTML version)

Gervase Markham gerv at mozilla.org
Fri Mar 21 02:19:57 PDT 2008


Some WHAT-WG participants may be aware of Link Fingerprints, which was a 
way to embed the hash of a file in a link to that file, thereby ensuring 
that the link user got only the exact file the link creator was 
referring to.
http://www.foo.com/file.zip#!sha256:09F9...

Implementing this idea was a Summer of Code project for Mozilla in 2007, 
but the draft RFC received a chilly reception on various IETF mailing 
lists. I have therefore reformulated Link Fingerprints as a simple 
extension to HTML. This makes it useful in a smaller set of contexts, 
but still hits the major use cases.
<a href="http://www.foo.com/file.zip" checksum="sha256:09F9...">File</a>

The updated spec is here:
http://www.gerv.net/security/link-fingerprints/
Please read it for more detailed aims, rationale and behaviour.

Would the WHAT-WG be interested in looking at standardising this? 
(Before anyone asks, the key difference between Link Fingerprints and 
Content-MD5 is that the hash is served from a different server to the file.)

Gerv



More information about the whatwg mailing list