Am 2012-10-19 18:49, schrieb Ian Hickson:
What is the attack scenario you are trying to avoid?
Without a discussion of what problem you're trying to solve, it's
unclear
how to evaluate the proposal.
The idea of a hash="" or checksum="" attribute on <a href> has come
up
before -- about once a year, as far as I can tell! -- but it's always
been
found lacking in one way or another.
I don't want to avoid any attack scenario!
I want trusted information.
If I write an article and link to other documents I want a solution
that the visitor can be sure that the document he opens is the document
I originally linked to. (And if its not he gets informed. So he knows
that the information maybe differ from the one the article talks about.)
The second point is that verification if a file was downloaded
correctly is a computer task not a human task. A standard how to give
the verification information enables the browser/plugin vendors to do
this task.
