Re: [whatwg] hash Attribute

2006-11-15 Thread Charles Iliya Krempeaux

Hello Gervase,

On 11/15/06, Gervase Markham <[EMAIL PROTECTED]> wrote:
> Michel Fortin wrote:
> > I'm beginning to think that the link "fingerprint" method is the best
> > solution because the hash is more portable as part of the URL. I could
> > for instance copy a fingerprinted URL right into this email:
> >
> > http://example.com/file#!md5!b3187253c1667fac7d20bb762ad53967
>
> Indeed, that's one of the major use cases.
>
> > and a knowledgeable browser receiving this URL would know how to check
> > the validity of the received document. The two concerns I have with it
> > are that it somewhat distorts the concept of a fragment identifier,
>
> It does a bit; but the fragment identifier is unused for binary
> downloads, so there's not much risk of a clash.

Just an FYI.

I've been promoting the use of fragments for (binary) video files.  (Not
here... but privately and on one public mailing list.)

For example...

http://example.com/video.mpeg#smtpe(01:20:39:15)

Also, I've suggested (privately and on one public mailing list) the use of
fragments on video files for "pointing to" clips.  (I.e., "pointing to"
intervals of the video.)

For example...

http://example.com/video.mpeg#smtpe(01:20:39:15-01:28:14:50)

(Note that there are 2 SMTPE time codes there separated with a hyphen.  So it
would be the clip, within the video, from "01:20:39:15" to "01:28:14:50".)

(This notation was inspired by the "xpointer" fragments.)


See ya

> Also, "!" is currently not legal in HTML ids, AIUI.
>
> > and
> > it's generally going to be lost if there is any redirection (although a
> > browser that knows about fingerprints could keep them across
> > redirections).
>
> Indeed. In fact, it would be a security flaw to update the identifier on
> redirect.
>
> Gerv





--
   Charles Iliya Krempeaux, B.Sc.

   charles @ reptile.ca
   supercanadian @ gmail.com

   developer weblog: http://ChangeLog.ca/


Re: [whatwg] hash Attribute

2006-11-15 Thread Gervase Markham

Michel Fortin wrote:
> I'm beginning to think that the link "fingerprint" method is the best
> solution because the hash is more portable as part of the URL. I could
> for instance copy a fingerprinted URL right into this email:
>
> http://example.com/file#!md5!b3187253c1667fac7d20bb762ad53967

Indeed, that's one of the major use cases.

> and a knowledgeable browser receiving this URL would know how to check
> the validity of the received document. The two concerns I have with it
> are that it somewhat distorts the concept of a fragment identifier,

It does a bit; but the fragment identifier is unused for binary
downloads, so there's not much risk of a clash. Also, "!" is currently
not legal in HTML ids, AIUI.

> and
> it's generally going to be lost if there is any redirection (although a
> browser that knows about fingerprints could keep them across redirections).

Indeed. In fact, it would be a security flaw to update the identifier on
redirect.


Gerv
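
Added example (not code from any message in this thread): a Python check of the `#!md5!<digest>` fragment that keeps the digest taken from the URL the user started with across redirects, beside the update-on-redirect behaviour called a security flaw above. The `responses` table standing in for HTTP, the `update_on_redirect` switch and the sha256 support are assumptions of the example.

```python
import hashlib
import hmac
import re
from urllib.parse import urldefrag

# Fragment syntax as written in the thread: #!md5!<hex digest>.
# Accepting sha256 as well is an assumption of this example.
FINGERPRINT_RE = re.compile(r"!(md5|sha256)!([0-9a-f]+)")


def parse_fingerprint(url):
    """Split url into (url_without_fragment, (algorithm, hex_digest) or None)."""
    base, fragment = urldefrag(url)
    if not fragment.startswith("!"):
        return base, None  # ordinary fragment, nothing to verify
    match = FINGERPRINT_RE.fullmatch(fragment.lower())
    if not match or len(match[2]) != hashlib.new(match[1]).digest_size * 2:
        raise ValueError("malformed fingerprint in " + url)  # fail closed
    return base, (match[1], match[2])


def fetch_verified(url, responses, update_on_redirect=False):
    """Follow redirects in responses, a constructed stand-in for HTTP that
    maps URL -> (status, Location or body), then verify the final body.

    update_on_redirect=True models the flawed behaviour, for comparison only.
    """
    current, expected = parse_fingerprint(url)
    for _ in range(6):  # bound the redirect chain
        status, value = responses[current]
        if status == 200:
            break
        if update_on_redirect:
            current, offered = parse_fingerprint(value)
            expected = offered or expected  # redirecting server picks the digest
        else:
            current = urldefrag(value)[0]  # fragment on the target is ignored
    else:
        raise ValueError("too many redirects")
    if expected is not None:
        algorithm, digest = expected
        actual = hashlib.new(algorithm, value).hexdigest()
        if not hmac.compare_digest(actual, digest):
            raise ValueError("fingerprint mismatch, discarding download")
    return value


# Constructed sample data: the link carries the digest of GOOD.
GOOD = b"constructed release archive bytes"
EVIL = b"constructed substituted bytes"
START = "http://example.com/file#!md5!" + hashlib.md5(GOOD).hexdigest()

HONEST = {
    "http://example.com/file": (302, "http://mirror.example.net/file"),
    "http://mirror.example.net/file": (200, GOOD),
}
# Here the redirect target supplies a fingerprint matching the substituted file.
HOSTILE = {
    "http://example.com/file": (
        302, "http://mirror.example.net/file#!md5!" + hashlib.md5(EVIL).hexdigest()),
    "http://mirror.example.net/file": (200, EVIL),
}
```

With the default setting the hostile chain is rejected; with `update_on_redirect=True` the same chain returns the substituted bytes as if they had verified.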



Re: [whatwg] hash Attribute

2006-11-14 Thread Michel Fortin

On 13 Nov 2006, at 1:39, ryan king wrote:

> On Nov 8, 2006, at 8:28 AM, Ian Hickson wrote:
>
> > Given the various mechanisms that already exist to do this, it seems like
> > adding yet another one would be a bad idea.
>
> I concur. If people are already using these technologies, we could
> learn from their usage and find ways to improve the technology. If
> they aren't being used widely, it would be wise to question whether
> there is demand for this functionality.


I'm sure there is demand. A lot of software download pages already
give you MD5 or SHA-1 digest values to check the validity of the
downloaded file, but it's trouble to check them manually and people
rarely do so.

I see only two mechanisms that do what the hash attribute would do:
it's the hash microformat[1] and link fingerprints[2]. All others
require either special URI schemes[2] which won't work in today's
browsers, or are attached directly to the file, like the md5-digest
HTTP header, which means that a tampered file is very likely to get
its digest updated accordingly.


 [1]: http://microformats.org/wiki/hash-examples
 [2]: http://mdhashtool.mozdev.org/lfinfo.html
 [3]: http://magnet-uri.sourceforge.net/

I'm beginning to think that the link "fingerprint" method is the best
solution because the hash is more portable as part of the URL. I
could for instance copy a fingerprinted URL right into this email:

http://example.com/file#!md5!b3187253c1667fac7d20bb762ad53967

and a knowledgeable browser receiving this URL would know how to
check the validity of the received document. The two concerns I have
with it are that it somewhat distorts the concept of a fragment
identifier, and it's generally going to be lost if there is any
redirection (although a browser that knows about fingerprints could
keep them across redirections).



Michel Fortin
[EMAIL PROTECTED]
http://www.michelf.com/




Re: [whatwg] hash Attribute

2006-11-12 Thread ryan king

On Nov 8, 2006, at 8:28 AM, Ian Hickson wrote:

> Given the various mechanisms that already exist to do this, it seems like
> adding yet another one would be a bad idea.

I concur. If people are already using these technologies, we could
learn from their usage and find ways to improve the technology. If
they aren't being used widely, it would be wise to question whether
there is demand for this functionality.


-ryan


Re: [whatwg] hash Attribute

2006-11-10 Thread Ian Hickson

Regarding the idea of a hashing feature for downloads:

 * I don't see why this idea should be in HTML rather than doing it the 
   way that the many, many existing solutions do it.

 * I don't see why this idea would work anyway. All the proposed UIs have 
   obvious and fatal flaws.

Both of these points need to be fully addressed before it would make sense 
to add this feature to HTML.

-- 
Ian Hickson   U+1047E)\._.,--,'``.fL
http://ln.hixie.ch/   U+263A/,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'


Re: [whatwg] hash Attribute

2006-11-10 Thread Gervase Markham

Ian Hickson wrote:
> > "The file you have downloaded has been corrupted or tampered with."
>
> "It works when I use IE but when I use Camari, it says that the file has
> been corrupted." "Oh man, I'm not using Camari then! I don't need my music
> to get corrupted!"

Yes, yes. I don't think it's impossible to convey the sense of what's
going on here to users. Perhaps I haven't got it first time. But my text
drafting inadequacies don't make it a poor idea.

> > [Delete File] [Keep Unsafe File]
>
> "Keep Unsafe File" would make the feature as useless as SSL certificates
> are today.

Fair enough; let's not have it then. That's what I recommended for Link
Fingerprints.


Gerv


Re: [whatwg] hash Attribute

2006-11-10 Thread Gervase Markham

XcomCoolDude wrote:
> How about a hash attribute for all elements that link to external files
> (a, img, etc.)?
>
> It would allow you to pass an MD5, SHA-1, SHA-256, or other hash to a
> user-agent for automatic comparison with the linked file.

A related proposal is:
http://www.gerv.net/security/link-fingerprints/

That proposal has the advantage that the hash can accompany the URL into
non-HTML contexts.

> I'd suggest a format where the hash algorithm is listed, followed by a
> forward slash and then the hash itself

To ease the implementation and interoperability burden, the smallest
possible number of hash functions should be required to be supported.


Gerv



Re: [whatwg] hash Attribute

2006-11-10 Thread Ian Hickson
On Thu, 9 Nov 2006, Gervase Markham wrote:

> Ian Hickson wrote:
> > If the idea is that UAs that implement this would stop you from using the
> > file if the checksum didn't match, then this would just cause users to use
> > browsers _without_ this feature to download files, since those browsers
> > wouldn't complain about data corruption. "It works when I use IE to download
> > the file but when I use Camari, it says 'checksum error'."
> 
> Hopefully, it would instead say:
> 
> "The file you have downloaded has been corrupted or tampered with."

"It works when I use IE but when I use Camari, it says that the file has
been corrupted." "Oh man, I'm not using Camari then! I don't need my music 
to get corrupted!"

 
> [Delete File] [Keep Unsafe File]

"Keep Unsafe File" would make the feature as useless as SSL certificates 
are today.


> It might even just delete it without asking you. After all, you haven't 
> actually got the file you wanted - or that the person linking wanted you 
> to have. If they didn't want this behaviour, they wouldn't have used a 
> URL with a hash.

Exactly. But then you're back to the "it works in the older browser" 
problem.

-- 
Ian Hickson   U+1047E)\._.,--,'``.fL
http://ln.hixie.ch/   U+263A/,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'


Re: [whatwg] hash Attribute

2006-11-10 Thread Gervase Markham

Ian Hickson wrote:
> If the idea is that UAs that implement this would stop you from using the
> file if the checksum didn't match, then this would just cause users to use
> browsers _without_ this feature to download files, since those browsers
> wouldn't complain about data corruption. "It works when I use IE to
> download the file but when I use Camari, it says 'checksum error'."


Hopefully, it would instead say:

"The file you have downloaded has been corrupted or tampered with."

[Delete File] [Keep Unsafe File]

It might even just delete it without asking you. After all, you haven't 
actually got the file you wanted - or that the person linking wanted you 
to have. If they didn't want this behaviour, they wouldn't have used a 
URL with a hash.


Gerv



Re: [whatwg] hash Attribute

2006-11-10 Thread XcomCoolDude

Michel: Actually, hash is the proper term. Checksums are much simpler, and are used only for checking against accidental modifications, whereas cryptographic hash functions are used to protect against malicious tampering. See http://en.wikipedia.org/wiki/Checksum.

Ian: I imagine most user-agents would just warn the user, but still allow the file to be opened.


Re: [whatwg] hash Attribute

2006-11-08 Thread Ian Hickson
On Tue, 7 Nov 2006, XcomCoolDude wrote:
>
> How about a hash attribute for all elements that link to external files 
> (a, img, etc.)?

What would it do? Could you give the implementation requirements?

If the idea is that UAs that implement this would stop you from using the 
file if the checksum didn't match, then this would just cause users to use 
browsers _without_ this feature to download files, since those browsers 
wouldn't complain about data corruption. "It works when I use IE to 
download the file but when I use Camari, it says 'checksum error'."


On Tue, 7 Nov 2006, Charles Iliya Krempeaux wrote:
> 
> http://microformats.org/wiki/hash-examples
> 
> Aren't URNs already being very commonly used for hashes.
> 
> Also, something else to think about is that, under certain conditions, 
> this info could potentially be passed along via HTTP headers.
> 
> Also related are MAGNET-URIs...
> 
> http://magnet-uri.sourceforge.net/

On Wed, 8 Nov 2006, Tom Pike wrote:
> 
> Additionally, this case is already covered by the HTTP spec, namely the 
> Content-MD5 header:
> 
> http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.15

Given the various mechanisms that already exist to do this, it seems like 
adding yet another one would be a bad idea.

-- 
Ian Hickson   U+1047E)\._.,--,'``.fL
http://ln.hixie.ch/   U+263A/,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'


Re: [whatwg] hash Attribute

2006-11-08 Thread Tom Pike
Michel Fortin wrote:
> Charles Iliya Krempeaux suggested to include the hash as an HTTP header.
> This would cover the case of an error in the transmission of a document,
> but it wouldn't in the case a file got maliciously modified on the
> server. ...

Additionally, this case is already covered by the HTTP spec, namely the
Content-MD5 header:

http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.15

Admittedly it only supports MD5 checksums; whether this is worth
extending is another matter.

Best regards
Tom Pike


Re: [whatwg] hash Attribute

2006-11-08 Thread Michel Fortin

On 8 Nov 2006, at 0:42, XcomCoolDude wrote:

> How about a hash attribute for all elements that link to external
> files (a, img, etc.)?
>
> It would allow you to pass an MD5, SHA-1, SHA-256, or other hash to
> a user-agent for automatic comparison with the linked file.
>
> I'd suggest a format where the hash algorithm is listed, followed
> by a forward slash and then the hash itself
>
> Examples:
> hash="MD5/9e107d9d372bb6826bd81d3542a419d6"
> hash="SHA-1/2fd4e1c6 7a2d28fc ed849ee1 bb76e739 1b93eb12"
> hash="SHA-256/d7a8fbb3 07d78094 69ca9abc b0082e4f 8d5651e4 6d3cdb76 2d02d0bf 37c9e592"


I wonder if "checksum" wouldn't be a better name: it contains the
word "check" which better describes the purpose of the whole thing.
But whatever the name, I like the idea of having an automatic means
for the browser to check the validity of downloaded documents. Many
download pages already offer such checksums, but I rarely take the
time to check manually after the download.


Charles Iliya Krempeaux suggested to include the hash as an HTTP  
header. This would cover the case of an error in the transmission of  
a document, but it wouldn't in the case a file got maliciously  
modified on the server. In many cases, the web page for downloading  
the file is on a different server than the file itself; by providing  
the hash on the download page and checking it against the actual file  
you've received you get additional security against malicious file  
substitutions. This becomes increasingly important when files are  
mirrored on a couple of servers at different locations.



Michel Fortin
[EMAIL PROTECTED]
http://www.michelf.com/
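
Added example (not part of the thread): Python that parses the proposed `hash="ALGORITHM/hex"` value and compares a page-supplied hash with a Content-MD5 check when a mirror substitutes the file, the case described in the message above. The function names and the substituted-file scenario are constructed for the example; the digest strings are the ones quoted in the thread.

```python
import base64
import hashlib
import hmac

# Attribute algorithm names from the proposal mapped to hashlib names. The
# table is kept small, following the advice to require few hash functions.
ALGORITHMS = {"MD5": "md5", "SHA-1": "sha1", "SHA-256": "sha256"}


def parse_hash_attribute(value):
    """Parse 'ALGORITHM/hex digest'; the hex may be grouped with spaces."""
    name, sep, digest = value.partition("/")
    algorithm = ALGORITHMS.get(name.strip().upper())
    if not sep or algorithm is None:
        raise ValueError("unsupported hash attribute: " + value)
    digest = "".join(digest.split()).lower()
    expected_len = hashlib.new(algorithm).digest_size * 2
    if len(digest) != expected_len or set(digest) - set("0123456789abcdef"):
        raise ValueError("malformed digest in: " + value)
    return algorithm, digest


def matches_attribute(body, attribute):
    """Check body against a hash published on the linking page."""
    algorithm, digest = parse_hash_attribute(attribute)
    return hmac.compare_digest(hashlib.new(algorithm, body).hexdigest(), digest)


def matches_content_md5(body, header_value):
    """Content-MD5 (RFC 2616 section 14.15) is the base64 of the MD5 digest."""
    computed = base64.b64encode(hashlib.md5(body).digest()).decode()
    return hmac.compare_digest(computed, header_value.strip())


def check_download(body, content_md5, page_attribute):
    """Return (header_check_passed, page_hash_check_passed)."""
    return (matches_content_md5(body, content_md5),
            matches_attribute(body, page_attribute))


# Constructed scenario: the download page publishes the hash of the genuine
# file; the server holding the file serves other bytes and, since it also
# controls its own headers, a Content-MD5 value that matches them.
GENUINE = b"The quick brown fox jumps over the lazy dog"
PAGE_ATTRIBUTE = ("SHA-256/d7a8fbb3 07d78094 69ca9abc b0082e4f "
                  "8d5651e4 6d3cdb76 2d02d0bf 37c9e592")
SUBSTITUTED = b"constructed substituted bytes"
MIRROR_CONTENT_MD5 = base64.b64encode(hashlib.md5(SUBSTITUTED).digest()).decode()
```

`check_download(SUBSTITUTED, MIRROR_CONTENT_MD5, PAGE_ATTRIBUTE)` passes the header check and fails the page-hash check, because only the second value comes from a source the file server does not control.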




Re: [whatwg] hash Attribute

2006-11-07 Thread Charles Iliya Krempeaux
Hello,

Also related are MAGNET-URIs...

    http://magnet-uri.sourceforge.net/

See ya

On 11/7/06, Charles Iliya Krempeaux <[EMAIL PROTECTED]> wrote:
> Hello,
>
> Also, something else to think about is that, under certain conditions, this info could potentially be passed along via HTTP headers.
>
> Maybe something like:
>
> HTTP/1.1 200 OK
> Link: <urn:sha1:dRDPBgZzTFq7Jl2Q2N/YNghcfj8=>; rel="hash"
>
> See ya
>
> On 11/7/06, Charles Iliya Krempeaux <[EMAIL PROTECTED]> wrote:
> > Hello,
> >
> > Here's something else related...
> >
> >   http://microformats.org/wiki/hash-examples
> >
> > See ya
> >
> > On 11/7/06, Charles Iliya Krempeaux <[EMAIL PROTECTED]> wrote:
> > > Hello,
> > >
> > > Aren't URNs already being very commonly used for hashes.  For example...
> > >
> > >   urn:sha1:dRDPBgZzTFq7Jl2Q2N/YNghcfj8=
> > >   urn:md5:FNG4c6MJLdDEY1rcoGb4pQ==
> > >   urn:kzhash:0bf4c9a50c1058fb6887ad0419ecfc06dc192c69163ea2c45c632dab1cab1e1fbd6fbf1e
> > >   urn:tiger:tree:ZAJPZOPES4YGIPNHLHDQHD5FHSAFSPIYG7IOO3Y
> > >   urn:bitprint:QLFYWY2RI5WZCTEP6MJKR5CAFGP7FQ5X.VEKXTRSJPTZJLY2IKG5FQ2TCXK26SECFPP4DX7I
> > >
> > > Perhaps it would be good to keep with that format.
> > >
> > > See ya
> > >
> > > On 11/7/06, XcomCoolDude <[EMAIL PROTECTED]> wrote:
> > > > How about a hash attribute for all elements that link to external files (a, img, etc.)?
> > > >
> > > > It would allow you to pass an MD5, SHA-1, SHA-256, or other hash to a user-agent for automatic comparison with the linked file.
> > > >
> > > > I'd suggest a format where the hash algorithm is listed, followed by a forward slash and then the hash itself
> > > >
> > > > Examples:
> > > > hash="MD5/9e107d9d372bb6826bd81d3542a419d6"
> > > > hash="SHA-1/2fd4e1c6 7a2d28fc ed849ee1 bb76e739 1b93eb12"
> > > > hash="SHA-256/d7a8fbb3 07d78094 69ca9abc b0082e4f 8d5651e4 6d3cdb76 2d02d0bf 37c9e592"
> > > >
> > > > See my thread over at mozillaZine for more info and other ideas:
> > > > http://forums.mozillazine.org/viewtopic.php?p=2234056
> > > >
> > > > --Wulf
> > >
> > > --
> > > Charles Iliya Krempeaux, B.Sc.
> > > charles @ reptile.ca
> > > supercanadian @ gmail.com
> > > developer weblog: http://ChangeLog.ca/
> >
> > --
> > Charles Iliya Krempeaux, B.Sc.
> > charles @ reptile.ca
> > supercanadian @ gmail.com
> > developer weblog: http://ChangeLog.ca/
>
> --
> Charles Iliya Krempeaux, B.Sc.
> charles @ reptile.ca
> supercanadian @ gmail.com
> developer weblog: http://ChangeLog.ca/

--
Charles Iliya Krempeaux, B.Sc.
charles @ reptile.ca
supercanadian @ gmail.com
developer weblog: http://ChangeLog.ca/


Re: [whatwg] hash Attribute

2006-11-07 Thread Charles Iliya Krempeaux
Hello,

Also, something else to think about is that, under certain conditions, this info could potentially be passed along via HTTP headers.

Maybe something like:

HTTP/1.1 200 OK
Link: <urn:sha1:dRDPBgZzTFq7Jl2Q2N/YNghcfj8=>; rel="hash"

See ya

On 11/7/06, Charles Iliya Krempeaux <[EMAIL PROTECTED]> wrote:
> Hello,
>
> Here's something else related...
>
>   http://microformats.org/wiki/hash-examples
>
> See ya
>
> On 11/7/06, Charles Iliya Krempeaux <[EMAIL PROTECTED]> wrote:
> > Hello,
> >
> > Aren't URNs already being very commonly used for hashes.  For example...
> >
> >   urn:sha1:dRDPBgZzTFq7Jl2Q2N/YNghcfj8=
> >   urn:md5:FNG4c6MJLdDEY1rcoGb4pQ==
> >   urn:kzhash:0bf4c9a50c1058fb6887ad0419ecfc06dc192c69163ea2c45c632dab1cab1e1fbd6fbf1e
> >   urn:tiger:tree:ZAJPZOPES4YGIPNHLHDQHD5FHSAFSPIYG7IOO3Y
> >   urn:bitprint:QLFYWY2RI5WZCTEP6MJKR5CAFGP7FQ5X.VEKXTRSJPTZJLY2IKG5FQ2TCXK26SECFPP4DX7I
> >
> > Perhaps it would be good to keep with that format.
> >
> > See ya
> >
> > On 11/7/06, XcomCoolDude <[EMAIL PROTECTED]> wrote:
> > > How about a hash attribute for all elements that link to external files (a, img, etc.)?
> > >
> > > It would allow you to pass an MD5, SHA-1, SHA-256, or other hash to a user-agent for automatic comparison with the linked file.
> > >
> > > I'd suggest a format where the hash algorithm is listed, followed by a forward slash and then the hash itself
> > >
> > > Examples:
> > > hash="MD5/9e107d9d372bb6826bd81d3542a419d6"
> > > hash="SHA-1/2fd4e1c6 7a2d28fc ed849ee1 bb76e739 1b93eb12"
> > > hash="SHA-256/d7a8fbb3 07d78094 69ca9abc b0082e4f 8d5651e4 6d3cdb76 2d02d0bf 37c9e592"
> > >
> > > See my thread over at mozillaZine for more info and other ideas:
> > > http://forums.mozillazine.org/viewtopic.php?p=2234056
> > >
> > > --Wulf
> >
> > --
> > Charles Iliya Krempeaux, B.Sc.
> > charles @ reptile.ca
> > supercanadian @ gmail.com
> > developer weblog: http://ChangeLog.ca/
>
> --
> Charles Iliya Krempeaux, B.Sc.
> charles @ reptile.ca
> supercanadian @ gmail.com
> developer weblog: http://ChangeLog.ca/

--
Charles Iliya Krempeaux, B.Sc.
charles @ reptile.ca
supercanadian @ gmail.com
developer weblog: http://ChangeLog.ca/


Re: [whatwg] hash Attribute

2006-11-07 Thread Charles Iliya Krempeaux
Hello,

Here's something else related...

  http://microformats.org/wiki/hash-examples

See ya

On 11/7/06, Charles Iliya Krempeaux <[EMAIL PROTECTED]> wrote:
> Hello,
>
> Aren't URNs already being very commonly used for hashes.  For example...
>
>   urn:sha1:dRDPBgZzTFq7Jl2Q2N/YNghcfj8=
>   urn:md5:FNG4c6MJLdDEY1rcoGb4pQ==
>   urn:kzhash:0bf4c9a50c1058fb6887ad0419ecfc06dc192c69163ea2c45c632dab1cab1e1fbd6fbf1e
>   urn:tiger:tree:ZAJPZOPES4YGIPNHLHDQHD5FHSAFSPIYG7IOO3Y
>   urn:bitprint:QLFYWY2RI5WZCTEP6MJKR5CAFGP7FQ5X.VEKXTRSJPTZJLY2IKG5FQ2TCXK26SECFPP4DX7I
>
> Perhaps it would be good to keep with that format.
>
> See ya
>
> On 11/7/06, XcomCoolDude <[EMAIL PROTECTED]> wrote:
> > How about a hash attribute for all elements that link to external files (a, img, etc.)?
> >
> > It would allow you to pass an MD5, SHA-1, SHA-256, or other hash to a user-agent for automatic comparison with the linked file.
> >
> > I'd suggest a format where the hash algorithm is listed, followed by a forward slash and then the hash itself
> >
> > Examples:
> > hash="MD5/9e107d9d372bb6826bd81d3542a419d6"
> > hash="SHA-1/2fd4e1c6 7a2d28fc ed849ee1 bb76e739 1b93eb12"
> > hash="SHA-256/d7a8fbb3 07d78094 69ca9abc b0082e4f 8d5651e4 6d3cdb76 2d02d0bf 37c9e592"
> >
> > See my thread over at mozillaZine for more info and other ideas:
> > http://forums.mozillazine.org/viewtopic.php?p=2234056
> >
> > --Wulf
>
> --
> Charles Iliya Krempeaux, B.Sc.
> charles @ reptile.ca
> supercanadian @ gmail.com
> developer weblog: http://ChangeLog.ca/

--
Charles Iliya Krempeaux, B.Sc.
charles @ reptile.ca
supercanadian @ gmail.com
developer weblog: http://ChangeLog.ca/


Re: [whatwg] hash Attribute

2006-11-07 Thread Charles Iliya Krempeaux
Hello,

Aren't URNs already being very commonly used for hashes.  For example...

  urn:sha1:dRDPBgZzTFq7Jl2Q2N/YNghcfj8=
  urn:md5:FNG4c6MJLdDEY1rcoGb4pQ==
  urn:kzhash:0bf4c9a50c1058fb6887ad0419ecfc06dc192c69163ea2c45c632dab1cab1e1fbd6fbf1e
  urn:tiger:tree:ZAJPZOPES4YGIPNHLHDQHD5FHSAFSPIYG7IOO3Y
  urn:bitprint:QLFYWY2RI5WZCTEP6MJKR5CAFGP7FQ5X.VEKXTRSJPTZJLY2IKG5FQ2TCXK26SECFPP4DX7I

Perhaps it would be good to keep with that format.

See ya

On 11/7/06, XcomCoolDude <[EMAIL PROTECTED]> wrote:
> How about a hash attribute for all elements that link to external files (a, img, etc.)?
>
> It would allow you to pass an MD5, SHA-1, SHA-256, or other hash to a user-agent for automatic comparison with the linked file.
>
> I'd suggest a format where the hash algorithm is listed, followed by a forward slash and then the hash itself
>
> Examples:
> hash="MD5/9e107d9d372bb6826bd81d3542a419d6"
> hash="SHA-1/2fd4e1c6 7a2d28fc ed849ee1 bb76e739 1b93eb12"
> hash="SHA-256/d7a8fbb3 07d78094 69ca9abc b0082e4f 8d5651e4 6d3cdb76 2d02d0bf 37c9e592"
>
> See my thread over at mozillaZine for more info and other ideas:
> http://forums.mozillazine.org/viewtopic.php?p=2234056
>
> --Wulf

--
Charles Iliya Krempeaux, B.Sc.
charles @ reptile.ca
supercanadian @ gmail.com
developer weblog: http://ChangeLog.ca/