Intent to Deprecate and Remove: Pre-standard ChaCha20-Poly1305 ciphers

108 görüntüleme
İlk okunmamış mesaja atla

David Benjamin

okunmadı,
19 Oca 2017 16:41:5319.01.2017
alıcı blink-dev, net-dev, security-dev, a...@chromium.org, awha...@chromium.org

Primary eng (and PM) emails

a...@chromium.org

awha...@chromium.org


Summary

Remove pre-standard variants of ChaCha20-Poly1305 cipher suites for Chrome 58 (after the current release branches).


Motivation

In 2013, Chrome 31 deployed new TLS cipher suites based on Prof. Dan Bernstein's ChaCha20 and Poly1305 algorithms. These was later standardized, with small tweaks, at the IETF as RFC 7539 and RFC 7905. We shipped the standardized variant early in 2016 with Chrome 49.


Compatibility And Interoperability Risk

Negligible compatibility risk. Only Chromium-based browsers ever implemented the pre-standard variant. TLS parameters are negotiated, so any remaining servers still selecting those ciphers would pick a different cipher suite, likely one based on AES-GCM which we also consider secure. The pre-standard variants were also never shipped by any official releases of commonly-used server software like OpenSSL.


Alternative implementation suggestion for web developers

Use the standardized variant, or AES-GCM.


Usage information from UseCounter

1% of TLS connections from Chrome use these ciphers, compared to 26% which use the standardized ones. Note that those 1% of servers will all simply fall back to another cipher suite. Other browsers did not ship these ciphers.


OWP launch tracking bug

https://crbug.com/682816


Entry on the feature dashboard

https://www.chromestatus.com/feature/5633556340539392


Requesting approval to remove too?

Yes


Chris Harrelson

okunmadı,
23 Oca 2017 13:35:4923.01.2017
alıcı David Benjamin, blink-dev, net-dev, security-dev, a...@chromium.org, awha...@chromium.org
LGTM1

--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.

Jochen Eisinger

okunmadı,
23 Oca 2017 13:41:5623.01.2017
alıcı Chris Harrelson, David Benjamin, blink-dev, net-dev, security-dev, a...@chromium.org, awha...@chromium.org

lgtm2


To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.

Rick Byers

okunmadı,
23 Oca 2017 13:51:2923.01.2017
alıcı Jochen Eisinger, Chris Harrelson, David Benjamin, blink-dev, net-dev, security-dev, a...@chromium.org, awha...@chromium.org
LGTM3

When making a change like this we keep an eye on (or have chirp alerts for) the UMA connection error stats to confirm "will all simply fall back to another cipher suite", right? I.e. in the unlikely case there's some popular server bug / misconfiguration that could cause a spike of errors?

lgtm2


To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.

David Benjamin

okunmadı,
23 Oca 2017 14:34:0623.01.2017
alıcı Rick Byers, Jochen Eisinger, Chris Harrelson, blink-dev, net-dev, security-dev, a...@chromium.org, awha...@chromium.org
Yup. The net team has alerts on various connection error metrics, so we should notice. Although it would take a staggeringly creative server bug to break on this, supposing the server works in any non-Chromium browser.

lgtm2


To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.

Tümünü yanıtla
Yazarı yanıtla
Yönlendir
0 yeni ileti