[whatwg] Link Fingerprints (HTML version)
Ian Hickson
ian at hixie.ch
Fri Mar 21 16:29:57 PDT 2008
On Fri, 21 Mar 2008, Gervase Markham wrote:
>
> Some WHAT-WG participants may be aware of Link Fingerprints, which was a
> way to embed the hash of a file in a link to that file, thereby ensuring
> that the link user got only the exact file the link creator was
> referring to. http://www.foo.com/file.zip#!sha256:09F9...
>
> Implementing this idea was a Summer of Code project for Mozilla in 2007,
> but the draft RFC received a chilly reception on various IETF mailing
> lists. I have therefore reformulated Link Fingerprints as a simple
> extension to HTML. This makes it useful in a smaller set of contexts,
> but still hits the major use cases.
> <a href="http://www.foo.com/file.zip" checksum="sha256:09F9...">File</a>
>
> The updated spec is here:
> http://www.gerv.net/security/link-fingerprints/
> Please read it for more detailed aims, rationale and behaviour.
>
> Would the WHAT-WG be interested in looking at standardising this?
> (Before anyone asks, the key difference between Link Fingerprints and
> Content-MD5 is that the hash is served from a different server to the
> file.)
This was discussed back in 2006:
http://lists.whatwg.org/pipermail/whatwg-whatwg.org/2006-November/thread.html#7825
As far as I can tell, the issues raised in that thread are not yet
addressed by the proposal above.
(Thanks to Philip` for finding that link.)
--
Ian Hickson U+1047E )\._.,--....,'``. fL
http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,.
Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
More information about the whatwg
mailing list