On Aug 24, 2005, at 5:40 PM, Steve Palmer wrote:

Just a thought. I haven't considered this too deeply so I may well be smoking crack.

In general, I would expect reputable mirrors to also mirror the MD5 checksum file. I'm not sure why they wouldn't.

I also think that rather than trying to solve all the problems at once, the simplest solution here might also be sufficiently effective. So why not just take this approach:

- When starting a download, look for the MD5 file in the same location as the original. It is typically the download filename plus the .md5 extension. You could check for other extensions/formats too.
- If the checksum file is found, download it along with the main file.
- On completion of the download, verify the main file against the checksum and warn the user if they don't match.
- If no checksum is found, warn the user that no checksum exists but still download the file.
- Provide an option in Preferences to disable the warning for folks who don't really care. Enable it by default but provide a "Don't show me this again..." option on the warning.

The advantages of the above are that it isn't intrusive, it is user friendly and if more browsers support the concept then it should encourage site owners to always include the MD5 or similar checksum even on mirrors. If other methods of verifying the file integrity exist or are developed, they can be subsumed into the implementation without changing the user experience.

What would be the point of such a system? Anyone who can compromise a server to post a malicious binary would simply upload a new checksum to go with it. Checksums hosted with the file have almost no security value.

The suggestion only makes sense in that the mirrors are all separately controlled, and there is a central location (caminobrowser.org) to post a checksum, which means someone would have to take control of two completely separate servers to slip a malicious binary past someone checking the checksums.

-Stuart
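
The difference between the two proposals in this thread, as an added example that is not part of the original messages and not Camino code: the same replaced file passes a check against a checksum hosted beside it and fails against one published separately. Assumptions: SHA-256 is used in place of MD5, the host names and file name are hypothetical, the sample bytes are constructed, and "separately controlled" is approximated by comparing host names.

```python
import hashlib
from urllib.parse import urlsplit

def listed_digest(checksum_text, filename):
    """Find filename in sha256sum/md5sum-style text: '<hex>  <name>' per line."""
    for line in checksum_text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[1].strip().lstrip("*") == filename:
            return parts[0].lower()
    return None

def check_download(data, file_url, checksum_url, checksum_text):
    """Return 'no-checksum', 'mismatch', 'match-same-host' or 'match-independent'."""
    filename = urlsplit(file_url).path.rsplit("/", 1)[-1]
    expected = listed_digest(checksum_text or "", filename)
    if expected is None:
        return "no-checksum"            # warn, but the download still completes
    if hashlib.sha256(data).hexdigest() != expected:
        return "mismatch"               # warn: file differs from the published digest
    # A digest served by the host that served the file only catches corruption:
    # whoever can replace the file there can replace the digest too.
    if urlsplit(checksum_url).hostname == urlsplit(file_url).hostname:
        return "match-same-host"
    return "match-independent"

def demo():
    # Constructed sample data and hypothetical hosts (assumptions, not from the thread).
    name = "Browser.dmg"
    genuine, replaced = b"genuine release bytes", b"replaced binary bytes"
    mirror = "http://mirror.example.net/pub/" + name
    line = lambda blob: hashlib.sha256(blob).hexdigest() + "  " + name + "\n"
    central = ("http://project.example.org/" + name + ".sha256", line(genuine))
    cohosted = ("http://mirror.example.net/pub/" + name + ".sha256", line(replaced))
    return {
        "replaced_vs_cohosted": check_download(replaced, mirror, *cohosted),
        "replaced_vs_central": check_download(replaced, mirror, *central),
        "genuine_vs_central": check_download(genuine, mirror, *central),
        "no_checksum": check_download(genuine, mirror, central[0], ""),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(case, "->", result)
```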