[whatwg] checksum attribute in a href tag
Ian Hickson
ian at hixie.ch
Fri Oct 19 09:49:01 PDT 2012
On Fri, 19 Oct 2012, A. Rauschenbach wrote:
>
> I'm sick of coping the checksum of important files by hand or QR-code to
> the download manager or console.
>
> To solve the problem I suggest a checksum attribute in the <a href> tag.
>
> example: <a href="http://example.com/important.file"
> checksum="MD5:32c3675211199b671fbca1304d819289;SHA1:6e1ddeede3979c953788a3499616af35ee5fd772">download</a>
>
> Another advantage is that your visitors (browser) can verify that the
> document (e.g. a pdf) you linked to is still the same.
What is the attack scenario you are trying to avoid?
Without a discussion of what problem you're trying to solve, it's unclear
how to evaluate the proposal.
The idea of a hash="" or checksum="" attribute on <a href> has come up
before -- about once a year, as far as I can tell! -- but it's always been
found lacking in one way or another.
e.g.:
http://lists.w3.org/Archives/Public/public-whatwg-archive/2006Nov/thread.html#msg233
http://lists.w3.org/Archives/Public/public-whatwg-archive/2007Jul/0049.html
http://lists.w3.org/Archives/Public/public-whatwg-archive/2008Dec/0376.html
(in the third one, search for "fingerprint".)
--
Ian Hickson U+1047E )\._.,--....,'``. fL
http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,.
Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
More information about the whatwg
mailing list