Standardizing Firefox's Implementation of Link Fingerprints

"Edward Lee" <edilee@mozilla.com> Mon, 02 July 2007 23:24 UTC

Message-ID: <dc07ed930707021624h25cb377dm1feb52d4dc02c2a8@mail.gmail.com>
Date: Mon, 2 Jul 2007 16:24:10 -0700
From: "Edward Lee" <edilee@mozilla.com>
To: discuss@apps.ietf.org
Subject: Standardizing Firefox's Implementation of Link Fingerprints

For Firefox 3, there are patches [1] that implement Link Fingerprints,
which provide automatic resource verification for URIs that look like
http://site.com/file#hash(sha256:abc123) so that link providers can be
sure that end users download the exact file that the provider intended
(and not a trojaned download).

The fragment identifier portion of the URI is used for backwards
compatibility with existing clients while allowing for extended usage
across protocols (e.g., http, ftp) and resource contexts (e.g., a
href, img src). Additionally, fragment identifiers are not sent as
part of an HTTP request, so the network and servers do not need to be
changed. With the backwards compatibility, incremental deployment is
feasible with some clients supporting Link Fingerprints, and end users
don't need to do anything unless there's a fingerprint failure.

An initial draft to standardize Link Fingerprints is available online:

https://people.mozilla.com/~edilee/draft-lee-uri-linkfingerprints-00.txt

Feedback is welcome about the design, syntax, supported hashes,
failure cases, etc.

Ed

[1] https://bugzilla.mozilla.org/show_bug.cgi?id=377245
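
A minimal client-side check for the `#hash(sha256:...)` form described in the message above, added here as an illustration; it is not code from the Firefox patches or from the draft. The function names, the hex digest encoding, the SHA-256-only allow-list and the fail-closed handling of malformed or unsupported fingerprints are assumptions of this example.

```python
import hashlib
import re
from urllib.parse import urlsplit

# Assumptions of this example: only the "#hash(algo:hexdigest)" shape shown in
# the message is handled, and the algorithm allow-list is this example's choice.
FINGERPRINT_RE = re.compile(r"^hash\(([a-z0-9]+):([0-9a-fA-F]+)\)$")
ALLOWED = {"sha256": hashlib.sha256}

class FingerprintError(Exception):
    """A fingerprint is present but malformed, unsupported or not matched."""


def parse_fingerprint(uri):
    """Return (algorithm, hex digest), or None if the URI carries none."""
    fragment = urlsplit(uri).fragment
    if not fragment.startswith("hash("):
        return None  # ordinary fragment or no fragment: nothing to verify
    match = FINGERPRINT_RE.match(fragment)
    if match is None:
        raise FingerprintError("malformed fingerprint")
    algo, digest = match.group(1), match.group(2).lower()
    if algo not in ALLOWED:
        raise FingerprintError("unsupported hash algorithm: " + algo)
    if len(digest) != ALLOWED[algo]().digest_size * 2:
        raise FingerprintError("digest length does not match algorithm")
    return algo, digest


def request_target(uri):
    """The URI as it goes on the wire: fragment removed, server sees no hash."""
    return urlsplit(uri)._replace(fragment="").geturl()


def verify_download(uri, body):
    """Return 'verified' or 'unverified'; raise on a fingerprint failure."""
    parsed = parse_fingerprint(uri)
    if parsed is None:
        return "unverified"  # same behaviour as a client without support
    algo, expected = parsed
    if ALLOWED[algo](body).hexdigest() != expected:
        raise FingerprintError("downloaded bytes do not match fingerprint")
    return "verified"

# Constructed sample data, not taken from the message or the draft.
GOOD = b"installer bytes v1.0\n"
GOOD_DIGEST = hashlib.sha256(GOOD).hexdigest()
LINK = "http://site.com/file#hash(sha256:" + GOOD_DIGEST + ")"
```

The abbreviated `abc123` digest in the message's sample URI is rejected by the length check here, since a SHA-256 digest is 64 hex characters.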