[144869] in cryptography@c2.net mail archive

home help back first fref pref prev next nref lref last post

Re: Bringing Tahoe ideas to HTTP

daemon@ATHENA.MIT.EDU (Alexandre Dulaunoy)
Thu Sep 17 14:33:36 2009

In-Reply-To: <1baa801f0909162239u68d458c0s8529d5f8f9d02afa@mail.gmail.com>
Date: Thu, 17 Sep 2009 07:45:06 +0200
From: Alexandre Dulaunoy <adulau@gmail.com>
To: cryptography@metzdowd.com

On Thu, Aug 27, 2009 at 11:57 PM, Brian Warner <warner@lothar.com> wrote:

> == Integrity ==
>
> To start with integrity-checking, we could imagine a firefox plugin that
> validated a PyPI-style #md5= annotation on everything it loads. The rule
> would be that no action would be taken on the downloaded content until
> the hash was verified, and that a hash failure would be treated like a
> 404. Or maybe a slightly different error code, to indicate that the
> correct resource is unavailable and that it's a server-side problem, but
> it's because you got the wrong version of the document, rather than the
> document being missing altogether.

On the same idea,
there is an expired Internet-Draft called "Link Fingerprints" :

http://www.potaroo.net/ietf/idref/draft-lee-uri-linkfingerprints/

I made some experiments around while used as Machine Tag/Triple Tag[1] :

http://www.foo.be/cgi-bin/wiki.pl/MachineTagLinkFingerprint

to have an extension with OpenPGP detached signature.

Another potential use, it's to benefit from the number of users
checking the integrity and contribute back the computed
value into a "tagging" system like del.icio.us or any other
collaborative bookmarking.

I especially like the Firefox (or wget,curl) extension that
could compute the hash value and check it against various
contributed hashes. That could give a kind of confidence level
regarding the integrity of the file and its corresponding URL/URI.

Just some ideas,

adulau

[1] http://www.foo.be/cgi-bin/wiki.pl/MachineTag

-- 
--                   Alexandre Dulaunoy (adulau) -- http://www.foo.be/
--                             http://www.foo.be/cgi-bin/wiki.pl/Diary
--         "Knowledge can create problems, it is not through ignorance
--                                that we can solve them" Isaac Asimov

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
home help back first fref pref prev next nref lref last post