On Thu, Aug 27, 2009 at 11:57 PM, Brian Warner <war...@lothar.com> wrote:
> == Integrity == > > To start with integrity-checking, we could imagine a firefox plugin that > validated a PyPI-style #md5= annotation on everything it loads. The rule > would be that no action would be taken on the downloaded content until > the hash was verified, and that a hash failure would be treated like a > 404. Or maybe a slightly different error code, to indicate that the > correct resource is unavailable and that it's a server-side problem, but > it's because you got the wrong version of the document, rather than the > document being missing altogether. On the same idea, there is an expired Internet-Draft called "Link Fingerprints" : http://www.potaroo.net/ietf/idref/draft-lee-uri-linkfingerprints/ I made some experiments around while used as Machine Tag/Triple Tag[1] : http://www.foo.be/cgi-bin/wiki.pl/MachineTagLinkFingerprint to have an extension with OpenPGP detached signature. Another potential use, it's to benefit from the number of users checking the integrity and contribute back the computed value into a "tagging" system like del.icio.us or any other collaborative bookmarking. I especially like the Firefox (or wget,curl) extension that could compute the hash value and check it against various contributed hashes. That could give a kind of confidence level regarding the integrity of the file and its corresponding URL/URI. Just some ideas, adulau [1] http://www.foo.be/cgi-bin/wiki.pl/MachineTag -- -- Alexandre Dulaunoy (adulau) -- http://www.foo.be/ -- http://www.foo.be/cgi-bin/wiki.pl/Diary -- "Knowledge can create problems, it is not through ignorance -- that we can solve them" Isaac Asimov --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
