Re: Standardizing Firefox's Implementation of Link Fingerprints
Harald Tveit Alvestrand <harald@alvestrand.no> Tue, 24 July 2007 05:07 UTC
Return-path: <discuss-bounces@apps.ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com)
by megatron.ietf.org with esmtp (Exim 4.43)
id 1IDCcL-0001yE-QV; Tue, 24 Jul 2007 01:07:29 -0400
Received: from discuss by megatron.ietf.org with local (Exim 4.43)
id 1IDCcK-0001y7-98 for discuss-confirm+ok@megatron.ietf.org;
Tue, 24 Jul 2007 01:07:28 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
by megatron.ietf.org with esmtp (Exim 4.43) id 1IDCcJ-0001xy-VJ
for discuss@apps.ietf.org; Tue, 24 Jul 2007 01:07:27 -0400
Received: from eikenes.alvestrand.no ([158.38.152.233])
by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1IDCcI-0004Z7-F1
for discuss@apps.ietf.org; Tue, 24 Jul 2007 01:07:27 -0400
Received: from localhost (eikenes.alvestrand.no [127.0.0.1])
by eikenes.alvestrand.no (Postfix) with ESMTP id 0BCDB2596C1;
Tue, 24 Jul 2007 07:07:25 +0200 (CEST)
Received: from eikenes.alvestrand.no ([127.0.0.1])
by localhost (eikenes.alvestrand.no [127.0.0.1]) (amavisd-new,
port 10024)
with ESMTP id 11173-10; Tue, 24 Jul 2007 07:07:17 +0200 (CEST)
Received: from htat43p-no.corp.google.com (unknown [67.97.210.2])
by eikenes.alvestrand.no (Postfix) with ESMTP id 51823258100;
Tue, 24 Jul 2007 07:07:17 +0200 (CEST)
Date: Tue, 24 Jul 2007 00:06:01 -0500
From: Harald Tveit Alvestrand <harald@alvestrand.no>
To: Edward Lee <edilee@mozilla.com>, discuss@apps.ietf.org
Subject: Re: Standardizing Firefox's Implementation of Link Fingerprints
Message-ID: <5F9B1A4FEC49CCD7194121B7@[172.28.172.61]>
In-Reply-To: <dc07ed930707021624h25cb377dm1feb52d4dc02c2a8@mail.gmail.com>
References: <dc07ed930707021624h25cb377dm1feb52d4dc02c2a8@mail.gmail.com>
X-Mailer: Mulberry/4.0.7 (Win32)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-Virus-Scanned: by amavisd-new at alvestrand.no
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 8b30eb7682a596edff707698f4a80f7d
Cc:
X-BeenThere: discuss@apps.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: general discussion of application-layer protocols
<discuss.apps.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/discuss>,
<mailto:discuss-request@apps.ietf.org?subject=unsubscribe>
List-Post: <mailto:discuss@apps.ietf.org>
List-Help: <mailto:discuss-request@apps.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/discuss>,
<mailto:discuss-request@apps.ietf.org?subject=subscribe>
Errors-To: discuss-bounces@apps.ietf.org
Why is this scheme better than an HTML extension <a href="url" hash="md5:12345"> ? --On 2. juli 2007 16:24 -0700 Edward Lee <edilee@mozilla.com> wrote: > For Firefox 3, there are patches [1] that implement Link Fingerprints, > which provide automatic resource verification for URIs that look like > http://site.com/file#hash(sha256:abc123) so that link providers can be > sure that end users download the exact file that the provider intended > (and not a trojaned download). > > The fragment identifier portion of the URI is used for backwards > compatibility with existing clients while allowing for extended usage > across protocols (e.g., http, ftp) and resource contexts (e.g., a > href, img src). Additionally, fragment identifiers are not sent as > part of a HTTP request, so the network and servers do not need to be > changed. With the backwards compatibility, incremental deployment is > feasible with some clients supporting Link Fingerprints, and end users > don't need to do anything unless there's a fingerprint failure. > > An initial draft to standardize Link Fingerprints is available online.. > > https://people.mozilla.com/~edilee/draft-lee-uri-linkfingerprints-00.txt > > Feedback is welcome about the design, syntax, supported hashes, > failure cases, etc. > > Ed > > [1] https://bugzilla.mozilla.org/show_bug.cgi?id=377245 > > >
- Standardizing Firefox's Implementation of Link Fi… Edward Lee
- Re: Standardizing Firefox's Implementation of Lin… Dave Crocker
- Re: Standardizing Firefox's Implementation of Lin… Edward Lee
- Re: Standardizing Firefox's Implementation of Lin… Dave Crocker
- Re: Standardizing Firefox's Implementation of Lin… Keith Moore
- Re: Standardizing Firefox's Implementation of Lin… Philip Guenther
- Re: Standardizing Firefox's Implementation of Lin… Simon Josefsson
- Re: Standardizing Firefox's Implementation of Lin… Harald Tveit Alvestrand