home | help | back | first | fref | pref | prev | next | nref | lref | last | post |
In-Reply-To: <1baa801f0909162239u68d458c0s8529d5f8f9d02afa@mail.gmail.com> Date: Thu, 17 Sep 2009 07:45:06 +0200 From: Alexandre Dulaunoy <adulau@gmail.com> To: cryptography@metzdowd.com On Thu, Aug 27, 2009 at 11:57 PM, Brian Warner <warner@lothar.com> wrote: > == Integrity == > > To start with integrity-checking, we could imagine a firefox plugin that > validated a PyPI-style #md5= annotation on everything it loads. The rule > would be that no action would be taken on the downloaded content until > the hash was verified, and that a hash failure would be treated like a > 404. Or maybe a slightly different error code, to indicate that the > correct resource is unavailable and that it's a server-side problem, but > it's because you got the wrong version of the document, rather than the > document being missing altogether. On the same idea, there is an expired Internet-Draft called "Link Fingerprints" : http://www.potaroo.net/ietf/idref/draft-lee-uri-linkfingerprints/ I made some experiments around while used as Machine Tag/Triple Tag[1] : http://www.foo.be/cgi-bin/wiki.pl/MachineTagLinkFingerprint to have an extension with OpenPGP detached signature. Another potential use, it's to benefit from the number of users checking the integrity and contribute back the computed value into a "tagging" system like del.icio.us or any other collaborative bookmarking. I especially like the Firefox (or wget,curl) extension that could compute the hash value and check it against various contributed hashes. That could give a kind of confidence level regarding the integrity of the file and its corresponding URL/URI. Just some ideas, adulau [1] http://www.foo.be/cgi-bin/wiki.pl/MachineTag -- -- Alexandre Dulaunoy (adulau) -- http://www.foo.be/ -- http://www.foo.be/cgi-bin/wiki.pl/Diary -- "Knowledge can create problems, it is not through ignorance -- that we can solve them" Isaac Asimov --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
home | help | back | first | fref | pref | prev | next | nref | lref | last | post |