Intent to Deprecate and Remove: Pre-standard ChaCha20-Poly1305 ciphers

David Benjamin

chưa đọc,

16:41:53 19 thg 1, 201719/1/17

đến blink-dev, net-dev, security-dev, a...@chromium.org, awha...@chromium.org

Primary eng (and PM) emails

a...@chromium.org

awha...@chromium.org

Summary

Remove pre-standard variants of ChaCha20-Poly1305 cipher suites for Chrome 58 (after the current release branches).

Motivation

In 2013, Chrome 31 deployed new TLS cipher suites based on Prof. Dan Bernstein's ChaCha20 and Poly1305 algorithms. These was later standardized, with small tweaks, at the IETF as RFC 7539 and RFC 7905. We shipped the standardized variant early in 2016 with Chrome 49.

Compatibility And Interoperability Risk

Negligible compatibility risk. Only Chromium-based browsers ever implemented the pre-standard variant. TLS parameters are negotiated, so any remaining servers still selecting those ciphers would pick a different cipher suite, likely one based on AES-GCM which we also consider secure. The pre-standard variants were also never shipped by any official releases of commonly-used server software like OpenSSL.

Alternative implementation suggestion for web developers

Use the standardized variant, or AES-GCM.

Usage information from UseCounter

1% of TLS connections from Chrome use these ciphers, compared to 26% which use the standardized ones. Note that those 1% of servers will all simply fall back to another cipher suite. Other browsers did not ship these ciphers.

OWP launch tracking bug

https://crbug.com/682816

Entry on the feature dashboard

https://www.chromestatus.com/feature/5633556340539392

Requesting approval to remove too?

Yes

Chris Harrelson

chưa đọc,

13:35:49 23 thg 1, 201723/1/17

đến David Benjamin, blink-dev, net-dev, security-dev, a...@chromium.org, awha...@chromium.org

LGTM1

--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.

Jochen Eisinger

chưa đọc,

13:41:56 23 thg 1, 201723/1/17

đến Chris Harrelson, David Benjamin, blink-dev, net-dev, security-dev, a...@chromium.org, awha...@chromium.org

lgtm2

To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.

Rick Byers

chưa đọc,

13:51:29 23 thg 1, 201723/1/17

đến Jochen Eisinger, Chris Harrelson, David Benjamin, blink-dev, net-dev, security-dev, a...@chromium.org, awha...@chromium.org

LGTM3

When making a change like this we keep an eye on (or have chirp alerts for) the UMA connection error stats to confirm "will all simply fall back to another cipher suite", right? I.e. in the unlikely case there's some popular server bug / misconfiguration that could cause a spike of errors?

lgtm2

To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.

David Benjamin

chưa đọc,

14:34:06 23 thg 1, 201723/1/17

đến Rick Byers, Jochen Eisinger, Chris Harrelson, blink-dev, net-dev, security-dev, a...@chromium.org, awha...@chromium.org

Yup. The net team has alerts on various connection error metrics, so we should notice. Although it would take a staggeringly creative server bug to break on this, supposing the server works in any non-Chromium browser.

lgtm2

To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.

Trả lời tất cả

Trả lời tác giả

Chuyển tiếp