Nils Maier wrote:
> Link-Fingerprints originate from those crc, sfv, md5sums verification models.
> Each only checks the given data, but does not tamper with it.
> Maybe you proposed hard-fail, but that's not what I ever had in mind, so
> it seems we have opposite opinions on this one.

It could certainly be that we have different goals. My goal is to make 
100% certain that the user of a Link Fingerprint link either gets the 
data the link was designed for, or gets no data at all. That's what 
makes them a useful security measure.

What is your goal for Link Fingerprints?

> Deleting my DVD iso of the newest bleeding edge Linux I spent days
> downloading on a dialup line without even asking feels wrong.

Then don't use Link Fingerprints for such downloads.

What are the possible options as to what has happened?

1) The download is corrupt. So you might as well delete it, because it's 
no use to you.

2) The download has been trojaned. So you definitely want to delete it.

3) The person supplying the Link Fingerprint URL screwed up. In which 
case, it's their fault, and if they didn't mind you getting different 
data, they shouldn't have used Link Fingerprints, or they should have 
tested their URLs.

If I send someone a URL in email to a resource, do I just make the URL 
up? No, I use one I know is good.

If I send:
http://www.gerv.net/09F925FEC39AA/file.zip
when actually I meant:
http://www.gerv.net/CD236774DE35F/file.zip
then I've just sent the wrong link, period, and the recipient will not 
be able to download the file. And it's my fault.

This is exactly the same thing as sending a bogus link fingerprint.

Gerv
_______________________________________________
dev-tech-network mailing list
https://lists.mozilla.org/listinfo/dev-tech-network
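
The hard-fail behaviour argued for in the message above ("either gets the data the link was designed for, or gets no data at all"), as an added example that is not part of the original message or of any Link Fingerprints implementation. The `#!<algorithm>!<hex>` fragment syntax, the function names and the sample data are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

# Assumption: the fingerprint rides in the URL fragment as "#!<algo>!<hex>".
# The message above does not show the syntax.
def split_fingerprint(url):
    """Return (base_url, algorithm, expected_hex); algorithm is None if absent."""
    base, _, frag = url.partition("#")
    parts = frag.split("!")
    if len(parts) == 3 and parts[0] == "" and parts[1] in ("md5", "sha256"):
        return base, parts[1], parts[2].lower()
    return base, None, None

def save_hard_fail(stream, url, dest):
    """Write stream to dest only if it matches the fingerprint in url.

    Bytes are staged in a temp file beside dest and renamed into place only
    after verification, so dest never holds unverified data.
    Returns True if dest was written, False if the data was discarded.
    """
    _, algo, expected = split_fingerprint(url)
    if algo is None:
        raise ValueError("URL carries no link fingerprint")
    digest = hashlib.new(algo)
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(dest)))
    try:
        with os.fdopen(fd, "wb") as out:
            for chunk in iter(lambda: stream.read(65536), b""):
                digest.update(chunk)
                out.write(chunk)
        if digest.hexdigest() != expected:
            return False       # hard fail: the finally block deletes the temp file
        os.replace(tmp, dest)  # atomic publish of verified data
        return True
    finally:
        if os.path.exists(tmp):
            os.unlink(tmp)

if __name__ == "__main__":
    import io
    payload = b"constructed sample payload"  # constructed test data
    url = "http://example.invalid/file.zip#!sha256!" + hashlib.sha256(payload).hexdigest()
    out_dir = tempfile.mkdtemp()
    print(save_hard_fail(io.BytesIO(payload), url, os.path.join(out_dir, "ok.zip")))
    print(save_hard_fail(io.BytesIO(payload + b"!"), url, os.path.join(out_dir, "bad.zip")))
```

All three failure cases listed in the message (corruption, tampering, a wrong fingerprint in the link) take the same `return False` path, which is the point of the hard-fail design.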