Features/HTTP Digest header verification

From MozillaWiki

Status

Hash validation after binary download completes successfully
Stage
Status
Release target
Health
Status note

Team

Product manager
Directly Responsible Individual
Lead engineer
Security lead
Privacy lead
Localization lead
Accessibility lead
QA lead
UX lead
Product marketing lead
Operations lead
Additional members

Open issues/risks


Stage 1: Definition

1. Feature overview

Downloads are sometimes corrupted during transfer. HTTP defines a 'Digest' header field (RFC 3230, RFC 5843) that lets a server supply the hash of a file. Firefox could use the hash from the 'Digest' header to validate the file after the binary download completes successfully. If the hashes match, the file was transferred without error. If the hashes do not match, an error occurred.

A number of download programs support the 'Digest' header and this behavior already.

2. Users & use cases

Jim downloads LibreOffice, but the file doesn't seem to work. Jim contacts the LibreOffice support group and they suggest that he manually validate the hash. Jim uses Microsoft Windows, so they tell him to download a small program, since nothing comes with the OS to do this. Jim installs the program and, after figuring out how to use it and select the file to hash, finds that the download is corrupt. He contacts LibreOffice support and they tell him to re-download the file and manually check it again until the hash is correct. Jim has an unreliable internet connection, so it isn't until his third try that the download completes without errors.

Janie downloads VLC and as a technical user, she recognizes the SHA-1 hash on the download page: http://get.videolan.org/vlc/2.0.6/macosx/vlc-2.0.6.dmg

"If you have a problem, click here. SHA-1 checksum: 65742a2194185790925a4dcd6105ca27eb3e386a"

As a seasoned Unix user, she knows she can open a terminal and type a command to manually verify that the download completed without errors. Luckily there are no errors, so she uses the file. Janie wishes her browser took care of this for her automatically, even though she knows how to do it.

Behavior with this feature: User initiates a binary file download. A hash is supplied in a 'Digest' header. Once the download completes successfully, Firefox automatically uses the hash to validate the file. If there is an error during transfer, a retry option can be given. If the file is complete and without errors, it can be shown as a typical completed download.
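The check described above, sketched as an added example (this is not Firefox code or part of the original page): it parses a 'Digest' header value in the RFC 3230 form of comma-separated `algorithm=base64` items and compares it with the downloaded bytes. The function names, the three result strings and the choice to check only the strongest supported algorithm are assumptions made for this illustration.

```python
import base64
import binascii
import hashlib
import hmac

# Digest algorithm tokens (RFC 3230, RFC 5843) mapped to hashlib names, strongest first.
ALGORITHMS = [("sha-512", "sha512"), ("sha-256", "sha256"), ("sha", "sha1"), ("md5", "md5")]


def parse_digest_header(value):
    """Return {algorithm_token: raw_digest_bytes} for the digests we can check."""
    known = dict(ALGORITHMS)
    digests = {}
    for item in value.split(","):
        # Split on the first "=" only: base64 padding also uses "=".
        token, sep, encoded = item.strip().partition("=")
        token = token.strip().lower()  # algorithm tokens are case-insensitive
        if not sep or token not in known:
            continue  # e.g. UNIXsum, or a malformed item
        try:
            digests[token] = base64.b64decode(encoded.strip(), validate=True)
        except (binascii.Error, ValueError):
            continue  # undecodable value: ignore this item
    return digests


def check_download(data, digest_header):
    """Return 'verified', 'mismatch' (offer a retry) or 'unverified'."""
    digests = parse_digest_header(digest_header or "")
    for token, hash_name in ALGORITHMS:
        if token in digests:
            actual = hashlib.new(hash_name, data).digest()
            ok = hmac.compare_digest(actual, digests[token])
            return "verified" if ok else "mismatch"
    return "unverified"  # no usable digest: an ordinary, unchecked download


def make_header(data):
    """Build a constructed sample header value for the demonstration below."""
    sha256 = base64.b64encode(hashlib.sha256(data).digest()).decode()
    sha1 = base64.b64encode(hashlib.sha1(data).digest()).decode()
    return f"SHA={sha1}, sha-256={sha256}, UNIXsum=12345"


if __name__ == "__main__":
    payload = b"constructed sample download body\n"
    header = make_header(payload)
    print(header)
    print(check_download(payload, header))               # intact transfer
    print(check_download(payload[:-1] + b"X", header))   # byte changed in transit
    print(check_download(payload, None))                 # server sent no Digest
```

A 'mismatch' result corresponds to the case where the retry option would be offered. A download with no usable digest is reported as 'unverified' rather than as passing the check.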

3. Dependencies

4. Requirements

Non-goals

Stage 2: Design

5. Functional specification

6. User experience design

Stage 3: Planning

7. Implementation plan

8. Reviews

Security review

Privacy review

Localization review

Accessibility

Quality Assurance review

Operations review

Stage 4: Development

9. Implementation

Stage 5: Release

10. Landing criteria


Feature details

Priority
Rank 999
Theme / Goal
Roadmap
Secondary roadmap
Feature list
Project
Engineering team

Team status notes

  status notes
Products
Engineering
Security
Privacy
Localization
Accessibility
Quality assurance
User experience
Product marketing
Operations