IETF Logo Mail Archive

Re: Standardizing Firefox's Implementation of Link Fingerprints

Harald Tveit Alvestrand <harald@alvestrand.no> Tue, 24 July 2007 05:07 UTC

Return-path: <discuss-bounces@apps.ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IDCcL-0001yE-QV; Tue, 24 Jul 2007 01:07:29 -0400
Received: from discuss by megatron.ietf.org with local (Exim 4.43) id 1IDCcK-0001y7-98 for discuss-confirm+ok@megatron.ietf.org; Tue, 24 Jul 2007 01:07:28 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IDCcJ-0001xy-VJ for discuss@apps.ietf.org; Tue, 24 Jul 2007 01:07:27 -0400
Received: from eikenes.alvestrand.no ([158.38.152.233]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1IDCcI-0004Z7-F1 for discuss@apps.ietf.org; Tue, 24 Jul 2007 01:07:27 -0400
Received: from localhost (eikenes.alvestrand.no [127.0.0.1]) by eikenes.alvestrand.no (Postfix) with ESMTP id 0BCDB2596C1; Tue, 24 Jul 2007 07:07:25 +0200 (CEST)
Received: from eikenes.alvestrand.no ([127.0.0.1]) by localhost (eikenes.alvestrand.no [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 11173-10; Tue, 24 Jul 2007 07:07:17 +0200 (CEST)
Received: from htat43p-no.corp.google.com (unknown [67.97.210.2]) by eikenes.alvestrand.no (Postfix) with ESMTP id 51823258100; Tue, 24 Jul 2007 07:07:17 +0200 (CEST)
Date: Tue, 24 Jul 2007 00:06:01 -0500
From: Harald Tveit Alvestrand <harald@alvestrand.no>
To: Edward Lee <edilee@mozilla.com>, discuss@apps.ietf.org
Subject: Re: Standardizing Firefox's Implementation of Link Fingerprints
Message-ID: <5F9B1A4FEC49CCD7194121B7@[172.28.172.61]>
In-Reply-To: <dc07ed930707021624h25cb377dm1feb52d4dc02c2a8@mail.gmail.com>
References: <dc07ed930707021624h25cb377dm1feb52d4dc02c2a8@mail.gmail.com>
X-Mailer: Mulberry/4.0.7 (Win32)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-Virus-Scanned: by amavisd-new at alvestrand.no
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 8b30eb7682a596edff707698f4a80f7d
Cc:
X-BeenThere: discuss@apps.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: general discussion of application-layer protocols <discuss.apps.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/discuss>, <mailto:discuss-request@apps.ietf.org?subject=unsubscribe>
List-Post: <mailto:discuss@apps.ietf.org>
List-Help: <mailto:discuss-request@apps.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/discuss>, <mailto:discuss-request@apps.ietf.org?subject=subscribe>
Errors-To: discuss-bounces@apps.ietf.org

Why is this scheme better than an HTML extension
<a href="url" hash="md5:12345">
?


--On 2. juli 2007 16:24 -0700 Edward Lee <edilee@mozilla.com> wrote:

> For Firefox 3, there are patches [1] that implement Link Fingerprints,
> which provide automatic resource verification for URIs that look like
> http://site.com/file#hash(sha256:abc123) so that link providers can be
> sure that end users download the exact file that the provider intended
> (and not a trojaned download).
>
> The fragment identifier portion of the URI is used for backwards
> compatibility with existing clients while allowing for extended usage
> across protocols (e.g., http, ftp) and resource contexts (e.g., a
> href, img src). Additionally, fragment identifiers are not sent as
> part of a HTTP request, so the network and servers do not need to be
> changed. With the backwards compatibility, incremental deployment is
> feasible with some clients supporting Link Fingerprints, and end users
> don't need to do anything unless there's a fingerprint failure.
>
> An initial draft to standardize Link Fingerprints is available online..
>
> https://people.mozilla.com/~edilee/draft-lee-uri-linkfingerprints-00.txt
>
> Feedback is welcome about the design, syntax, supported hashes,
> failure cases, etc.
>
> Ed
>
> [1] https://bugzilla.mozilla.org/show_bug.cgi?id=377245
>
>
>

v2.8.7 | Report a Bug | By Email