Intent to Deprecate and Remove: Pre-standard ChaCha20-Poly1305 ciphers

David Benjamin

19 Jan 2017, 16:41:53
to blink-dev, net-dev, security-dev, a...@chromium.org, awha...@chromium.org

Primary eng (and PM) emails

a...@chromium.org

awha...@chromium.org


Summary

Remove pre-standard variants of ChaCha20-Poly1305 cipher suites for Chrome 58 (after the current release branches).


Motivation

In 2013, Chrome 31 deployed new TLS cipher suites based on Prof. Dan Bernstein's ChaCha20 and Poly1305 algorithms. These were later standardized, with small tweaks, at the IETF as RFC 7539 and RFC 7905. We shipped the standardized variant early in 2016 with Chrome 49.


Compatibility And Interoperability Risk

Negligible compatibility risk. Only Chromium-based browsers ever implemented the pre-standard variant. TLS parameters are negotiated, so any remaining servers still selecting those ciphers would pick a different cipher suite, likely one based on AES-GCM which we also consider secure. The pre-standard variants were also never shipped by any official releases of commonly-used server software like OpenSSL.


Alternative implementation suggestion for web developers

Use the standardized variant, or AES-GCM.


Usage information from UseCounter

1% of TLS connections from Chrome use these ciphers, compared to 26% which use the standardized ones. Note that those 1% of servers will all simply fall back to another cipher suite. Other browsers did not ship these ciphers.


OWP launch tracking bug

https://crbug.com/682816


Entry on the feature dashboard

https://www.chromestatus.com/feature/5633556340539392


Requesting approval to remove too?

Yes
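
The fallback behaviour described in the message above, as an added example that is not part of the original thread: server-preference negotiation run against a client offer with and without the pre-standard code points (0xCC13 to 0xCC15, versus 0xCCA8 to 0xCCAA from RFC 7905). The client offers and server lists are constructed sample data, and the pre-standard-only server is hypothetical.

```python
import struct

# Code points: pre-standard draft variants vs. the RFC 7905 assignments.
PRE_STANDARD = {0xCC13: "ECDHE-RSA-CHACHA20-POLY1305 (pre-standard)",
                0xCC14: "ECDHE-ECDSA-CHACHA20-POLY1305 (pre-standard)",
                0xCC15: "DHE-RSA-CHACHA20-POLY1305 (pre-standard)"}
STANDARD = {0xCCA8: "ECDHE-RSA-CHACHA20-POLY1305 (RFC 7905)",
            0xCCA9: "ECDHE-ECDSA-CHACHA20-POLY1305 (RFC 7905)",
            0xCCAA: "DHE-RSA-CHACHA20-POLY1305 (RFC 7905)"}
NAMES = {**PRE_STANDARD, **STANDARD, 0xC02F: "ECDHE-RSA-AES128-GCM-SHA256"}

def encode_cipher_suites(suites):
    """Build a ClientHello cipher_suites vector: u16 byte length, u16 ids."""
    return struct.pack(f"!H{len(suites)}H", 2 * len(suites), *suites)

def parse_cipher_suites(vector):
    """Decode the vector, rejecting truncated or odd-length input."""
    if len(vector) < 2:
        raise ValueError("truncated length prefix")
    (length,) = struct.unpack_from("!H", vector)
    if length != len(vector) - 2 or length % 2:
        raise ValueError("bad cipher_suites length")
    return [s for (s,) in struct.iter_unpack("!H", vector[2:])]

def negotiate(client_vector, server_prefs):
    """Server-preference selection; None models a handshake_failure alert."""
    offered = set(parse_cipher_suites(client_vector))
    return next((s for s in server_prefs if s in offered), None)

def without_pre_standard(suites):
    """The client-side change: drop the pre-standard code points."""
    return [s for s in suites if s not in PRE_STANDARD]

# Constructed client offers (not Chrome's real list), before and after removal.
OFFER_BEFORE = [0xCCA8, 0xCC13, 0xC02F]
OFFER_AFTER = without_pre_standard(OFFER_BEFORE)
# Constructed servers: one stuck on the pre-standard variant with AES-GCM as
# a second choice, and a hypothetical one that supports nothing else.
LEGACY_SERVER = [0xCC13, 0xC02F]
PRE_STANDARD_ONLY_SERVER = [0xCC13]

if __name__ == "__main__":
    for name, prefs in (("legacy", LEGACY_SERVER),
                        ("pre-standard-only", PRE_STANDARD_ONLY_SERVER)):
        for label, offer in (("before", OFFER_BEFORE), ("after", OFFER_AFTER)):
            chosen = negotiate(encode_cipher_suites(offer), prefs)
            print(f"{name:18} {label:6} {NAMES.get(chosen, 'handshake_failure')}")
```

The legacy server moves from the pre-standard suite to AES-GCM once the client stops offering 0xCC13; only the pre-standard-only server ends in a handshake failure, which is the kind of outcome connection error metrics would surface.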


Chris Harrelson

23 Jan 2017, 13:35:49
to David Benjamin, blink-dev, net-dev, security-dev, a...@chromium.org, awha...@chromium.org
LGTM1

--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.

Jochen Eisinger

23 Jan 2017, 13:41:56
to Chris Harrelson, David Benjamin, blink-dev, net-dev, security-dev, a...@chromium.org, awha...@chromium.org

lgtm2



Rick Byers

23 Jan 2017, 13:51:29
to Jochen Eisinger, Chris Harrelson, David Benjamin, blink-dev, net-dev, security-dev, a...@chromium.org, awha...@chromium.org
LGTM3

When making a change like this we keep an eye on (or have chirp alerts for) the UMA connection error stats to confirm "will all simply fall back to another cipher suite", right? I.e. in the unlikely case there's some popular server bug / misconfiguration that could cause a spike of errors?


David Benjamin

23 Jan 2017, 14:34:06
to Rick Byers, Jochen Eisinger, Chris Harrelson, blink-dev, net-dev, security-dev, a...@chromium.org, awha...@chromium.org
Yup. The net team has alerts on various connection error metrics, so we should notice. Although it would take a staggeringly creative server bug to break on this, supposing the server works in any non-Chromium browser.
