The way you describe the utility of the hash, you make it sound like it is somehow "inadequate" for the traditional use of hashes. But, that's not really relevant here. This is a use of a hash for a different purpose than the hashes we normally use in link integrity checking. I would suggest that you focus on the utility of this style of hash rather than emphasizing the things that it doesn't even attempt to do.
BTW: I realize that this may be totally unnecessary, however, I can't help thinking that a "last-accessed-on" attribute to show when the link was last accessed and thus when the hash was generated might be useful... In nothing else, there is a good bit of precedence in things like formal standards for citing web resources that typically require that a "last-accessed" date be provided. I'm not willing to invest a great deal in fighting for this. I just thought I would mention it.
bob wyman
On Tue, May 25, 2010 at 3:07 PM, James Snell
<jasnell@...> wrote:
Ok, so I'm working on finishing up the basic link extensions draft.
The Security Considerations are currently TBD. I wanted to take a
moment to solicit input on appropriate security considerations for
these optional, advisory extension attributes.
One in particular... hash digest are often used as a simple means of
verifying that data has not been modified while in transit.. hash
digests contained within an atom:link cannot be used for that purpose.
Rather, the hash attribute is used to express the state of the linked
resource at a given point in time so that a feed consumer can detect
whether or not the resource has been modified since the link was
created.
Other than that, there really shouldn't be any further security
concerns with regards to the link extensions.. but I welcome being
corrected on that :-) Thoughts?
--
- James Snell
http://www.snellspace.com
jasnell@...
