Minor technical correction, Morpheus/Kazaa used/uses an MD5 file signature, not a checksum. An MD5 signature (or "fingerprint" as the official documentation refers to it) is a 128-bit value calculated by putting the file contents through a rather involved algorithm which if virtually guaranteed to be unique across all data patterns. In other words, it is virtually (and quite likely literally) impossible for two files to have the same MD5 signature. If you find a MD5 signature match, it IS the same file. While a checksum is also a value calculated using the contents of a file, comparing a checksum to a MD5 signature is a bit like comparing a height/weight/hair color description to a person's full DNA mapping.

I don't know what the gnutella plan is for uniquely identifying files, but MD5 is a very good way to go. While the algorithm is owned by RSA, they allow it to be freely used as long as they get mentioned somewhere in the documentation.