Several sites today provide MD5, SHA256, etc. checksums next to the hyperlinks for file downloads. I realise that MD5 is susceptible to collisions however this is a little unlikely for the moment.
Those who know how to use md5sum/sha1sum/sha256sum at the command line (or via some GUI utility) are most likely too time poor to do this verification for such downloads. Multitudes more just don't know how to.
If there was the option of adding a checksum attribute on hyperlinks (maybe of the format checksum="sha256|c01b39c7a35ccc3b081a3e83d2c71fa9a767ebfeb45c69f08e17dfe3ef375a7b" the web browser could possibly perform a simple check before releasing that file from the 'temporary downloads quarantine"?
For a successful file download, the file would be saved as normal immediately.
For a checksum mismatch, the user agent might warn the user (cancel or allow), or retry a couple of times first?
I guess this could also be applied to hyperlinks to HTML files as well, however this would be a problem if people put checksums on links to:
- Dynamic HTML pages
- Links to videolan.org/download_the_latest_version (this is a made up URL)
Maybe in some circumstances this might be useful?