Gervase Markham schrieb: > Edward Lee wrote: >> The main reason for /Link Fingerprints for everything/ is that only >> doing the checks on a subset of things could confuse users that have >> learned the Link Fingerprint provides some level of security. > > I don't understand what you mean by "Link Fingerprints for everything". > If some URLs don't have Link Fingerprints, we can't make them up. > > Also, one of the big points of Link Fingerprints is that users are > entirely unaware of it. In the common case, it has no UI. The download > proceeds and succeeds and the user has no idea that the browser is > checking on his behalf that he has the right file. > >> One caveat is that as of *right now*, my implementation will kill a >> transfer if the expected hash is syntactically wrong (i.e., wrong length >> or contains non-hex characters). In this case, there will be no >> OnDataAvailables. > > That's fine. If someone sends out a URL with a bogus link fingerprint, > then they should have tested it. > > Link Fingerprints is designed from the start as a hard-fail system. If > the check fails, the user does _not_ get access to the data. If the > person supplying the URL wants the user to have the data even if it's > corrupt, then they shouldn't be using Link Fingerprints.
Link-Fingerprints originate from those crc,sfv,md5sums verification models. Each do only check given data, but do not tamper with it. Maybe you proposed hard-fail, but that's not what I ever had in mind, so it seems we have opposite opinions on this one. Like I wrote in all those other topics, I as a user would expect that the download manager would ask me on how to proceed if something fails. Deleting my DVD iso of the newest bleeding edge Linux I spend days downloading on a dialup line without even asking feels wrong. Or not downloading it in the first place (corrupt link) would get me upset, too. And I surely wouldn't blame that webmaster that messed up. In the end it was FX that destroyed my data or did not what I told it to do. I know this first-hand; even if the webmaster messed up people would blame dTa. Want to create a bad user perception then go ahead. >> The end-user who requested a Link Fingerprinted download in a browser >> that supports Link Fingerprints would expect the download to be checked. > > Assuming they know what they are, then I agree with that. > > Gerv _______________________________________________ dev-tech-network mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-network
