Request for Deprecation Trial: Deprecate TLS SHA-1 server signatures


David Adrian

Jun 8, 2023, 3:53:15 PM
to blink-dev, David Benjamin

Contact emails

dad...@google.com
davi...@chromium.org

Explainer

None

Specification

https://www.rfc-editor.org/rfc/rfc9155.html

Summary

Chrome is removing support for signature algorithms using SHA-1 for server signatures during the TLS handshake. This does not affect SHA-1 support in server certificates, which was already removed, or in client certificates, which continues to be supported.



Blink component

Internals>Network>SSL

Search tags

tls, ssl, sha1

TAG review

None

TAG review status

Not applicable

Risks



Interoperability and Compatibility

At most 0.02% of page loads use the SHA1 fallback. However, we cannot disambiguate between a flaky first connection, and actually requiring SHA1. We expect the actual amount is lower.



Gecko: No signal (https://github.com/mozilla/standards-positions/issues/812)

WebKit: No signal (https://github.com/WebKit/standards-positions/issues/196)

Web developers: No signals

Other signals:

WebView application risks

Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?

None



Goals for experimentation

Since this takes place before a document is loaded, sites cannot opt-in. We plan on doing a 1% stable experiment and monitoring any increase in page load failures and SSL failures.

This experiment is managed via Finch, not as an Origin / Deprecation Trial.

Experiment Risks

Sites that are incapable of SHA2 signatures would fail to load. However, we believe the actual set of sites that don't support SHA2 is very small. Due to how negotiation works in TLS, we can't tell the difference between "prefers SHA1 to SHA2, but has a flaky network" and "only supports SHA1". In the worst case, this is 0.02% of TLS connections. In the best case, this is 0%.

Ongoing technical constraints

None



Debuggability

n/a, this happens pre-devtools



Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?

Yes

Is this feature fully tested by web-platform-tests?

No

Flag name

use-sha1-server-handshakes

Requires code in //chrome?

False

Tracking bug

https://bugs.chromium.org/p/chromium/issues/detail?id=658905

Launch bug

https://launch.corp.google.com/launch/4233200

Estimated milestones

Shipping on desktop: 117
OriginTrial desktop last: 116
OriginTrial desktop first: 115
DevTrial on desktop: 115
Shipping on Android: 117
OriginTrial Android last: 116
OriginTrial Android first: 115
DevTrial on Android: 115
OriginTrial webView last: 116
OriginTrial webView first: 115


Link to entry on the Chrome Platform Status

https://chromestatus.com/feature/4832850040324096

Links to previous Intent discussions

https://groups.google.com/a/chromium.org/g/blink-dev/c/ZdpqIOKTHeM
https://groups.google.com/a/chromium.org/g/blink-dev/c/rfPtQpqNixk/m/WF3a12okCgAJ

This intent message was generated by Chrome Platform Status.
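
An added example, not part of the original message or of Chrome's code: the signature this intent concerns is the one the server places in its TLS 1.2 ServerKeyExchange message, separate from the certificate's own signature. The sketch below reads the signature scheme from a raw ECDHE ServerKeyExchange handshake message and reports whether it is SHA-1 based. The function names and the sample message built by `build_sample` are constructed for illustration.

```python
import struct

# TLS 1.2 signature codepoints (hash/signature pairs, named as in RFC 8446).
SCHEMES = {
    0x0201: "rsa_pkcs1_sha1",
    0x0203: "ecdsa_sha1",
    0x0401: "rsa_pkcs1_sha256",
    0x0403: "ecdsa_secp256r1_sha256",
    0x0501: "rsa_pkcs1_sha384",
    0x0503: "ecdsa_secp384r1_sha384",
    0x0601: "rsa_pkcs1_sha512",
    0x0804: "rsa_pss_rsae_sha256",
    0x0805: "rsa_pss_rsae_sha384",
    0x0806: "rsa_pss_rsae_sha512",
}
SHA1_SCHEMES = {0x0201, 0x0202, 0x0203}  # RSA, DSA and ECDSA over SHA-1


def server_signature_scheme(msg: bytes) -> int:
    """Return the 2-byte signature scheme from an ECDHE ServerKeyExchange."""
    if len(msg) < 4 or msg[0] != 12:  # handshake type 12 = server_key_exchange
        raise ValueError("not a ServerKeyExchange handshake message")
    body_len = int.from_bytes(msg[1:4], "big")
    body = msg[4:4 + body_len]
    if len(body) != body_len:
        raise ValueError("truncated handshake message")
    if len(body) < 4 or body[0] != 3:  # curve_type 3 = named_curve
        raise ValueError("only named_curve ECDHE params are handled")
    off = 4 + body[3]  # skip curve_type, named_curve, length byte, public point
    if len(body) < off + 4:
        raise ValueError("truncated signature header")
    scheme, sig_len = struct.unpack_from("!HH", body, off)
    if len(body) != off + 4 + sig_len:
        raise ValueError("signature length mismatch")
    return scheme


def uses_sha1(msg: bytes) -> bool:
    """True when the server signed its key exchange with a SHA-1 scheme."""
    return server_signature_scheme(msg) in SHA1_SCHEMES


def build_sample(scheme: int) -> bytes:
    """Constructed message: x25519 params, zero-filled key and signature."""
    body = bytes([3]) + struct.pack("!H", 29) + bytes([32]) + bytes(32)
    body += struct.pack("!HH", scheme, 64) + bytes(64)
    return bytes([12]) + len(body).to_bytes(3, "big") + body
```
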

David Adrian

Jun 8, 2023, 3:54:46 PM
to blink-dev, David Benjamin
Per request on the previous thread, converting the previous Ready for Trial to an Intent to Experiment / Request for Deprecation Trial.

Due to the nature of the TLS stack, this experiment will be managed by Finch, rather than site opt-in.

Mike West

Jun 13, 2023, 4:50:19 AM
to David Adrian, blink-dev, David Benjamin
Per the conversation on the previous thread, carefully rolling this out to measure breakage seems like the right path forward. Do you have a timeline along which you'd like to run this experiment? M115-M118?

-mike



David Adrian

Jun 13, 2023, 2:31:23 PM
to Mike West, blink-dev, David Benjamin
We plan to start in M115. Four milestones seems a bit long---this breakage will likely either be immediately evident or a no-op. I was thinking M115 and M116, but we'll defer to your judgement.

Mike West

Jun 13, 2023, 2:46:42 PM
to David Adrian, David Benjamin, blink-dev
LGTM to experiment from M115 to M116.

Good luck!

-mike