Gerv,

Your web page http://www.gerv.net/security/link-fingerprints/ doesn't provide any obvious channel for feedback or public discussion of that proposal, that I can see. So, I'm using this channel.

The page makes certain claims that I don't believe. Here's one.

> To substitute a trojan, the attacker would need to hack both the download
> site and the website supplying the information - or the user's mailbox.

Unless the page that contains that link is an https page, to substitute a trojan, an attacker need only substitute his own URL for the original page's URL while the page is in transit. A proxy server is a perfect place to perform such an MITM attack.

Http pages with login forms that submit their contents via https have the very same vulnerability.

--
Nelson B (On vacation and not reading mail or news until July 2)
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
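
Added example, not part of the original message or of the proposal's own code: a small audit that flags the two cases raised above, a fingerprinted link or an https form target carried on a page that was itself fetched without https. The `#!md5!<hex>` fragment syntax, the function name `audit_page` and the sample page are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed fragment syntax for a link fingerprint: #!<hash-name>!<hex digest>
FINGERPRINT = re.compile(r"^!(md5|sha1|sha256)!([0-9a-fA-F]+)$")

class _Collector(HTMLParser):
    """Collects link targets and form targets from a page."""
    def __init__(self):
        super().__init__()
        self.links, self.forms = [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.links.append(a["href"])
        elif tag == "form" and a.get("action"):
            self.forms.append(a["action"])

def audit_page(page_url, html):
    """Return findings whose integrity depends on an unauthenticated page."""
    page_is_https = urlsplit(page_url).scheme.lower() == "https"
    collector = _Collector()
    collector.feed(html)
    findings = []
    if page_is_https:
        return findings  # the page carrying the links is itself authenticated
    for href in collector.links:
        # The fingerprint travels with the link, so whoever can rewrite the
        # page in transit can rewrite the URL and the fingerprint together.
        if FINGERPRINT.match(urlsplit(href).fragment):
            findings.append(("fingerprint-on-unauthenticated-page", href))
    for action in collector.forms:
        # Same weakness: the https target is named by a page anyone on the
        # path could have altered.
        if urlsplit(action).scheme.lower() == "https":
            findings.append(("https-form-on-http-page", action))
    return findings

# Constructed sample page (hypothetical hosts and digest).
SAMPLE_HTML = """
<a href="http://downloads.example/tool.zip#!md5!0123456789abcdef0123456789abcdef">Get it</a>
<a href="http://downloads.example/readme.txt">Readme</a>
<form action="https://login.example/session" method="post"></form>
"""

if __name__ == "__main__":
    for kind, target in audit_page("http://www.example/page.html", SAMPLE_HTML):
        print(kind, target)
```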