Gervase Markham wrote:
> Nils Maier wrote:
>> Link-Fingerprints originate from those crc, sfv, md5sums verification
>> models.
>> Each only checks the given data, but does not tamper with it.
>> Maybe you proposed hard-fail, but that's not what I ever had in mind, so
>> it seems we have opposite opinions on this one.
>
> It could certainly be that we have different goals. My goal is to make
> 100% certain that the user of a Link Fingerprint link either gets the
> data the link was designed for, or gets no data at all. That's what
> makes them a useful security measure.
>
> What is your goal for Link Fingerprints?
>

Easy way of download verification like md5sums or other tools provide as well, but "built-in", easy-to-use and transparent. But not to be mixed up with real signatures (GPG), which are much stronger.
I don't see LF as a way to actually prevent trojaned stuff (unless, of course, in case of just compromised mirrors).
Informing the user about problems and letting him decide about proper actions. Not messing with his data without permission.

>> Deleting my DVD iso of the newest bleeding edge Linux I spent days
>> downloading on a dialup line without even asking feels wrong.
>
> Then don't use Link Fingerprints for such downloads.
>

Err, right?! I downloaded crap not even knowing about LF and the browser deletes that data.
And then, afterwards, after everything is gone already, you come along to tell me that I shouldn't have used LF in the first place?

> What are the possible options as to what has happened?
>
> 1) The download is corrupt. So you might as well delete it, because it's
> no use to you.
>

Probably, but not certainly. It might have been an archive I just need some files from and am able to recover. Or I got a tool to repair it manually, or...
Actually, I have done such repairs (media files mostly) a few times already.

> 2) The download has been trojaned. So you definitely want to delete it.

Maybe I want to recheck using another tool (md5sums, GPG) to see if LF messed up...
LF are just to check for data-corruption anyway, as the source where the print came from is in general not more trustworthy than the data itself.

> 3) The person supplying the Link Fingerprint URL screwed up. In which
> case, it's their fault, and if they didn't mind you getting different
> data, they shouldn't have used Link Fingerprints, or they should have
> tested their URLs.

In which case I got a fine download I'm about to throw away. Then I redownload stuff just to get the same error. And again...
In the end the webmaster is not within reach and I pull out good old IE just to download that file for me without deleting it after the download completes.

> If I send someone a URL in email to a resource, do I just make the URL
> up? No, I use one I know is good.
>
> If I send:
> http://www.gerv.net/09F925FEC39AA/file.zip
> when actually I meant:
> http://www.gerv.net/CD236774DE35F/file.zip
> then I've just sent the wrong link, period, and the recipient will not
> be able to download the file. And it's my fault.
>
> This is exactly the same thing as sending a bogus link fingerprint.
>
> Gerv

If you operate a rather small site you might be able to pass double-checked links along. Once sites get bigger and more complex, or even automated, stuff might go wrong more easily. And after all, human errors will occur sooner or later.

LF are a pretty bad security measure (if at all), but good for checking for data-corruption.

PS: Just read Michael's latest round of comments and I have to say I cannot agree more.

_______________________________________________
dev-tech-network mailing list
https://lists.mozilla.org/listinfo/dev-tech-network
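The two mismatch behaviours argued over in this thread, deleting the download (hard-fail) versus keeping the data and informing the user, are shown side by side below as an added example; it is not code from either poster or from any Link Fingerprints implementation. The policy names, the `.unverified` suffix and the sample payload are assumptions for illustration, and the expected digest is passed in directly rather than parsed from a link.

```python
import hashlib
import hmac
import os
import tempfile

def file_digest(path, algorithm="sha256", chunk_size=1 << 16):
    """Hash in chunks so a DVD-sized ISO is never held in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def finish_download(path, expected_hex, algorithm="sha256", policy="hard-fail"):
    """Apply a mismatch policy to a completed download; returns (status, path).

    Policy names are hypothetical, chosen for this example:
      "hard-fail":  delete on mismatch (intended data or no data at all)
      "quarantine": keep the bytes under a '.unverified' name, user decides
    """
    if policy not in ("hard-fail", "quarantine"):
        raise ValueError("unknown policy: %r" % (policy,))
    actual = file_digest(path, algorithm)
    if hmac.compare_digest(actual, expected_hex.strip().lower()):
        return ("verified", path)
    if policy == "hard-fail":
        os.remove(path)
        return ("deleted", None)
    kept = path + ".unverified"  # assumed suffix; never left under the trusted name
    os.replace(path, kept)
    return ("kept-unverified", kept)

def demo():
    """Run each case over a constructed payload; returns (policy, status, on_disk)."""
    payload = b"constructed sample download\n"
    good, bad = hashlib.sha256(payload).hexdigest(), "0" * 64
    results = []
    with tempfile.TemporaryDirectory() as d:
        for policy, expected in (("hard-fail", good), ("hard-fail", bad), ("quarantine", bad)):
            path = os.path.join(d, "file.zip")
            with open(path, "wb") as f:
                f.write(payload)
            status, kept = finish_download(path, expected, policy=policy)
            results.append((policy, status, bool(kept) and os.path.exists(kept)))
    return results

if __name__ == "__main__":
    for row in demo():
        print(row)
```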
