Re: Standardizing Firefox's Implementation of Link Fingerprints
"Edward Lee" <edilee@mozilla.com> Tue, 03 July 2007 00:57 UTC
Date: Mon, 2 Jul 2007 17:57:47 -0700
From: "Edward Lee" <edilee@mozilla.com>
To: dcrocker@bbiw.net
Subject: Re: Standardizing Firefox's Implementation of Link Fingerprints
Cc: discuss@apps.ietf.org

On 7/2/07, Dave Crocker <dhc@dcrocker.net> wrote:
> Although this sounds like an entirely reasonable option to add to URLs, I'm
> curious just how much of a problem there is with downloads that are trojaned
> using the correct domain name?

One main use case of Link Fingerprints is for file mirroring networks. The portal server with high security can link to 3rd party mirrors that may or may not have the correct file that is being distributed. With just some clients supporting Link Fingerprints, the users that see the problem can report to the site administrator to quickly resolve the problem.

For a recent example, WordPress announced on March 2, 2007 that some copies of version 2.1.1 were hijacked.

"It was determined that a cracker had gained user-level access to one of the servers that powers wordpress.org, and had used that access to modify the download file. We have locked down that server for further forensics, but at this time it appears that the 2.1.1 download was the only thing touched by the attack. They modified two files in WP to include code that would allow for remote PHP execution." [1]

Ed

[1] http://wordpress.org/development/2007/03/upgrade-212/
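
The mirror use case described in the message above, as an added example that is not part of the original message and is not Firefox's code: a client checks what each mirror served against the fingerprint carried in the portal's link and collects the mirrors to report. It assumes a `#!<algorithm>!<hex digest>` fragment syntax; the mirror URLs, the SHA-256-only allow-list and the sample bytes are constructed for illustration.

```python
import hashlib
from urllib.parse import urlsplit

# Assumption: the fingerprint rides in the URL fragment as "!<algo>!<hex digest>".
# The allow-list is this example's choice, not something stated in the message.
ALLOWED = {"sha256": hashlib.sha256}

def parse_fingerprint(url):
    """Return (algo, hex_digest), or None if the link has no usable fingerprint."""
    parts = urlsplit(url).fragment.split("!")
    if len(parts) != 3 or parts[0] != "" or parts[1].lower() not in ALLOWED:
        return None
    return parts[1].lower(), parts[2].lower()

def verify(url, body):
    """True on match, False on mismatch, None when there is nothing to check."""
    fp = parse_fingerprint(url)
    if fp is None:
        return None
    algo, expected = fp
    return ALLOWED[algo](body).hexdigest() == expected

def fingerprinted_link(mirror_url, release):
    """What the trusted portal publishes: mirror URL plus digest of the real file."""
    return f"{mirror_url}#!sha256!{hashlib.sha256(release).hexdigest()}"

def mirrors_to_report(release, mirrors):
    """mirrors maps URL -> bytes actually served; returns URLs that fail the check."""
    bad = []
    for url, served in mirrors.items():
        if verify(fingerprinted_link(url, release), served) is False:
            bad.append(url)
    return bad

# Constructed sample data: one honest mirror, one serving a modified file.
RELEASE = b"release-1.0 archive bytes"
MIRRORS = {
    "http://mirror-a.example/pkg.tar.gz": RELEASE,
    "http://mirror-b.example/pkg.tar.gz": RELEASE + b" (modified on mirror)",
}

if __name__ == "__main__":
    for url in mirrors_to_report(RELEASE, MIRRORS):
        print("fingerprint mismatch, report to portal admin:", url)
```

A link without a fingerprint, or with an algorithm outside the allow-list, returns `None` rather than `True`, so an unverified download is never reported as verified.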