Some WHAT-WG participants may be aware of Link Fingerprints, which was a
way to embed the hash of a file in a link to that file, thereby ensuring
that the link user got only the exact file the link creator was
referring to.
http://www.foo.com/file.zip#!sha256:09F9...
Implementing this idea was a Summer of Code project for Mozilla in 2007,
but the draft RFC received a chilly reception on various IETF mailing
lists. I have therefore reformulated Link Fingerprints as a simple
extension to HTML. This makes it useful in a smaller set of contexts,
but still hits the major use cases.
<a href="http://www.foo.com/file.zip"; checksum="sha256:09F9...">File</a>
The updated spec is here:
http://www.gerv.net/security/link-fingerprints/
Please read it for more detailed aims, rationale and behaviour.
Would the WHAT-WG be interested in looking at standardising this?
(Before anyone asks, the key difference between Link Fingerprints and
Content-MD5 is that the hash is served from a different server to the file.)
Gerv
