Bringing Tahoe ideas to HTTP
Alexandre Dulaunoy
adulau at gmail.com
Thu Sep 17 01:45:06 EDT 2009
On Thu, Aug 27, 2009 at 11:57 PM, Brian Warner <warner at lothar.com> wrote:
> == Integrity ==
>
> To start with integrity-checking, we could imagine a firefox plugin that
> validated a PyPI-style #md5= annotation on everything it loads. The rule
> would be that no action would be taken on the downloaded content until
> the hash was verified, and that a hash failure would be treated like a
> 404. Or maybe a slightly different error code, to indicate that the
> correct resource is unavailable and that it's a server-side problem, but
> it's because you got the wrong version of the document, rather than the
> document being missing altogether.
On the same idea,
there is an expired Internet-Draft called "Link Fingerprints" :
http://www.potaroo.net/ietf/idref/draft-lee-uri-linkfingerprints/
I made some experiments around while used as Machine Tag/Triple Tag[1] :
http://www.foo.be/cgi-bin/wiki.pl/MachineTagLinkFingerprint
to have an extension with OpenPGP detached signature.
Another potential use, it's to benefit from the number of users
checking the integrity and contribute back the computed
value into a "tagging" system like del.icio.us or any other
collaborative bookmarking.
I especially like the Firefox (or wget,curl) extension that
could compute the hash value and check it against various
contributed hashes. That could give a kind of confidence level
regarding the integrity of the file and its corresponding URL/URI.
Just some ideas,
adulau
[1] http://www.foo.be/cgi-bin/wiki.pl/MachineTag
--
-- Alexandre Dulaunoy (adulau) -- http://www.foo.be/
-- http://www.foo.be/cgi-bin/wiki.pl/Diary
-- "Knowledge can create problems, it is not through ignorance
-- that we can solve them" Isaac Asimov
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list