[whatwg] checksum attribute in a href tag
ian at hixie.ch
Wed Oct 24 09:28:40 PDT 2012
On Wed, 24 Oct 2012, Mikko Rantalainen wrote:
> Checksum can help even with encrypted connections.
> Example scenario:
> User connects to https://download.manufacturer.com/ and clicks link
> <a href="phone-firmware-15.img"
> version 15</a>
> The download then starts and file gets saved to the filesystem. However,
> the system has memory corruption and despite the fact that the file got
> to the user agent intact, the file will end up as corrupted to the
> However, if user agent had computed and verified the checksum after
> re-reading the file back from the local filesystem, it would have
> noticed the error.
> You might think that memory corruption is rare but trust me, it happens
> often enough to be worried about.
Memory corruption is indeed more common than people realise. But that's
not the important question. The important question is, does memory
corruption occur more often than mistakes in the checksum="" value will
occur? More often enough that when people get the message that there was a
download error, they'll trust the message rather than assuming it's just
"yet another" false positive?
Anyway, if you have memory corruption there's nothing to say the
corruption won't occur _after_ you've done the checksum verification. In
particular, there's nothing to say it'll happen between receiving and
decoding the packets over TLS and comparing the packets to the checksum,
and not either before (in which case TLS will catch it as part of its own
integrity checking) or after (in which case the checksum won't help).
That's a pretty narrow window.
My guess would be that people will screw up their hidden metadata (e.g.
updating the .img file without updating the HTML file) more often, much
more often, than the checksum will catch an error.
Ian Hickson U+1047E )\._.,--....,'``. fL
http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,.
Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
More information about the whatwg