Nils Maier wrote:
> Gervase Markham wrote:
>> Nils Maier wrote:
>>> Disallowing those "corrupt LF" requests is in fact what I wouldn't like
>>> to see.
>> When they get a "link fingerprint check failed" error, how is a user to
>> tell the difference between "Oh, the webmaster screwed up" and "Someone
>> has trojaned this download"?
>>
>> Hard fail is the right way to go.
>
> Why would a trojan writer want to produce a corrupt LF link?
> I was talking about links here, not downloads ;)

The point of Link Fingerprints is to tell you if the data you receive is
not the data the link provider wanted you to get. If the website gets
hacked and the download is trojaned, then the link fingerprint will fail.

> A corrupt LF link just means that there is no way to verify said download.

Right. And the link provider obviously thought it was important that the
link was verified - otherwise they would not have used a link fingerprint.
So therefore the right course of action is not to give the user some
random data which could be anything, but to refuse to download. As if the
link actually led to a 500 Server Error, for example.

>>> Even SSL will let you continue if there is something wrong like
>>> non-matching hostnames; and SSL provides reliable security.
>> We are changing this.
>
> This gets off-topic, but: Honestly? I fairly doubt it unless mozilla/FX
> want to lose a huge chunk of users.
> Do I need to switch over to IE just to load one of those damn common
> self-signed-to-localhost-certs "protected" sites?

Self-signed is different to non-matching hostname. It's perfectly possible
to do a correct self-signed certificate. The current plan is for those to
appear just like an HTTP site - because they provide no additional
identity verification.

Gerv
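
The hard-fail behaviour argued for above, for both a mismatching and a corrupt fingerprint, as an added example that is not part of the original message or of any Mozilla code. The `#!<algo>!<hex digest>` fragment syntax, the function names and the sample URLs are assumptions; the thread itself does not state the link format.

```python
import hashlib
from urllib.parse import urldefrag

# Assumed fragment syntax (not stated in this thread): #!<algo>!<hex digest>
ALGOS = {"md5": hashlib.md5, "sha256": hashlib.sha256}


class FingerprintError(Exception):
    """Raised instead of returning data; callers treat it like a failed fetch."""


def parse_fingerprint(url):
    """Return (base_url, algo, digest); algo is None when no fingerprint is present."""
    base, frag = urldefrag(url)
    if not frag.startswith("!"):
        return base, None, None  # ordinary fragment: nothing to verify
    parts = frag.split("!")
    # A fragment that claims to be a fingerprint but does not parse is "corrupt".
    if len(parts) != 3 or parts[1].lower() not in ALGOS:
        raise FingerprintError("corrupt link fingerprint")
    algo, digest = parts[1].lower(), parts[2].lower()
    expected_len = ALGOS[algo]().digest_size * 2
    if len(digest) != expected_len or any(c not in "0123456789abcdef" for c in digest):
        raise FingerprintError("corrupt link fingerprint")
    return base, algo, digest


def verified_body(url, body):
    """Hand back body only if it matches the link's fingerprint; otherwise raise."""
    _, algo, digest = parse_fingerprint(url)
    if algo is None:
        return body
    if ALGOS[algo](body).hexdigest() != digest:
        # Webmaster error and tampering look identical here, so neither gets data.
        raise FingerprintError("link fingerprint check failed")
    return body
```
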
