Gervase Markham wrote: > Nils Maier wrote: >> Gervase Markham schrieb: >>> Nils Maier wrote: >>>> Disallowing those "corrupt LF" request is in fact what I wouldn't like >>>> to see. >>> When they get a "link fingerprint check failed" error, how is a user to >>> tell the difference between "Oh, the webmaster screwed up" and "Someone >>> has trojaned this download"? >>> >>> Hard fail is the right way to go. >> >> Why would a trojan writer want to produce a corrupt LF link? >> I was talking about links here, not downloads ;) > > The point of Link Fingerprints is to tell you if the data you receive is > not the data the link provider wanted you to get. If the website gets > hacked and the download is trojaned, then the link fingerprint will fail.
Which are you talking about here? If a hacker has control over a box, and is interested in distributing a trojan, then he will most certainly know about the link fingeprinting and change the hash code as well, or otherwise all his work is useless. >> A corrupt LF link just means that there is no way to verify said >> download. > > Right. And the link provider obviously thought it was important that the > link was verified - otherwise they would not have used a link > fingerprint. So therefore the right course of action is not to give the > user some random data which could be anything, but to refuse to > download. As if the link actually led to a 500 Server Error, for example. > >>>> Even SSL will let you continue if there is something wrong like >>>> non-matching hostnames; and SSL provides reliable security. >>> We are changing this. >> >> This gets off-topic, but: Honestly? I fairly doubt it unless mozilla/FX >> want to loose a huge chunk of users. >> Do I need to switch over to IE just to load one of those damn common >> self-signed-to-localhost-certs "protected" sites? > > Self-signed is different to non-matching hostname. It's perfectly > possible to do a correct self-signed certificate. The current plan is > for those to appear just like an HTTP site - because they provide no > additional identity verification. > > Gerv _______________________________________________ dev-tech-network mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-network
