Bringing Tahoe ideas to HTTP

Alexandre Dulaunoy adulau at
Thu Sep 17 01:45:06 EDT 2009

On Thu, Aug 27, 2009 at 11:57 PM, Brian Warner <warner at> wrote:

> == Integrity ==
> To start with integrity-checking, we could imagine a firefox plugin that
> validated a PyPI-style #md5= annotation on everything it loads. The rule
> would be that no action would be taken on the downloaded content until
> the hash was verified, and that a hash failure would be treated like a
> 404. Or maybe a slightly different error code, to indicate that the
> correct resource is unavailable and that it's a server-side problem, but
> it's because you got the wrong version of the document, rather than the
> document being missing altogether.

On the same idea,
there is an expired Internet-Draft called "Link Fingerprints" :

I made some experiments around while used as Machine Tag/Triple Tag[1] :

to have an extension with OpenPGP detached signature.

Another potential use, it's to benefit from the number of users
checking the integrity and contribute back the computed
value into a "tagging" system like or any other
collaborative bookmarking.

I especially like the Firefox (or wget,curl) extension that
could compute the hash value and check it against various
contributed hashes. That could give a kind of confidence level
regarding the integrity of the file and its corresponding URL/URI.

Just some ideas,



--                   Alexandre Dulaunoy (adulau) --
--         "Knowledge can create problems, it is not through ignorance
--                                that we can solve them" Isaac Asimov

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list