Protect current Chrome TLS traffic against future quantum cryptanalysis by deploying the Kyber768 quantum-resistant key agreement algorithm. This is a hybrid X25519 + Kyber768 key agreement based on an IETF standard. This specification and launch is outside the scope of W3C. This key agreement will be launched as a TLS cipher, and should be transparent to users. https://blog.chromium.org/2023/08/protecting-chrome-traffic-with-hybrid.html
Post-quantum secure ciphers are larger than classical ciphers. This may cause compatibility issues with middleboxes.
Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?
Shipping on desktop | 124 |
Origin trial desktop first | 118 |
Origin trial desktop last | 123 |
DevTrial on desktop | 115 |
Shipping on Android | 128 |
OriginTrial Android last | 128 |
OriginTrial Android first | 118 |
DevTrial on Android | 115 |
Shipping on WebView | 128 |
OriginTrial webView last | 128 |
OriginTrial webView first | 118 |
Contact emails
dad...@google.comExplainer
https://www.ietf.org/archive/id/draft-tls-westerbaan-xyber768d00-02.htmlSpecification
https://www.ietf.org/archive/id/draft-tls-westerbaan-xyber768d00-02.htmlSummary
Protect current Chrome TLS traffic against future quantum cryptanalysis by deploying the Kyber768 quantum-resistant key agreement algorithm. This is a hybrid X25519 + Kyber768 key agreement based on an IETF standard. This specification and launch is outside the scope of W3C. This key agreement will be launched as a TLS cipher, and should be transparent to users. https://blog.chromium.org/2023/08/protecting-chrome-traffic-with-hybrid.html
Blink component
Internals>Network>SSLSearch tags
tls, kem, kyber, postquantumTAG review
TAG review status
Not applicableRisks
Interoperability and Compatibility
Post-quantum secure ciphers are larger than classical ciphers. This may cause compatibility issues with middleboxes.
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAGkh42K4xE5n_Fbt8heqhNMC7-xf3RhNVopguK3YeTVoYM-VzQ%40mail.gmail.com.
Also, would you mind requesting reviews for the various shipping
gates (privacy, security, enterprise, etc.) in your chromestatus
entry?
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOmohS%2BQfNtLkMRmf1o9-1GtVrDh6R2b_ugJeVNvjAQULPsTRA%40mail.gmail.com.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOmohS%2BQfNtLkMRmf1o9-1GtVrDh6R2b_ugJeVNvjAQULPsTRA%40mail.gmail.com.
> I'm guessing we're talking about MITM middleboxes, is that correct?> What's our plan to mitigate that risk? Slow rollout? Enterprise policy? Both? Something else entirely?Whether the middlebox MITMs the TLS connection is not terribly important. As long as they attempt to parse the ClientHello, they will need to handle the larger ClientHellos. They already do in that there's nothing stopping session tickets, etc., making the ClientHello large already, but Kyber makes it more likely.We have already done a slow rollout. This has been running on 10% stable for several months now, and so far things seem to be fine. Some initial compat problems, but largely fixed now. We're far, far, far past the point that there's nothing more we can smoke out without proceeding to 100%.And, yeah, the plan to mitigate the remaining risk is an enterprise policy, PostQuantumKeyAgreementEnabled, that admins can set while their middlebox vendors become post-quantum-ready. The admin policy has been in place for quite some time now, and has been communicated in enterprise release notes. Also the presence of any such incompatibility on an enterprise network blocks any deployment of post-quantum algorithms, so ultimately the middleboxes will just need to get fixed. The various ecosystem pressures towards getting to post-quantum are particularly strong in enterprise anyway, so hopefully admins will be more likely to understand why it's important for them to fix those.
LGTM2. Good luck!
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOmohSKkvJmq-wT%3Dm6q20igyOr8qqgcLuCCjPYto%3D-F0FATbHg%40mail.gmail.com.
LGTM3
/Daniel
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/a437c512-73df-4473-8fd7-277c3be97b15%40chromium.org.