Randomize the order of TLS ClientHello extensions, to reduce potential ecosystem brittleness.
It is possible that Chrome’s ClientHello extension ordering is already ossified. This change may cause compatibility issues with middleboxes or other network monitoring software. We will do a slow rollout and monitor breakage.
n/a, not developer facing
n/a, not developer facing
Using a fixed extension order can encourage server implementers to fingerprint Chrome and then assume specific implementation behavior. This can limit ecosystem agility when Chrome implements future modifications to TLS, if the server implementations are not prepared for Chrome to change its ClientHello. Chrome will randomly order extensions, subject to the pre_shared_key constraint in the RFC. This will reduce the risk of server and middleboxes fixating on details of our current ClientHello. This should make the TLS ecosystem more robust to changes.
Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?
n/a, inner function of TLS stack
DevTrial on desktop | 106 |
DevTrial on Android | 106 |
Open questions about a feature may be a source of future web compat or interop issues. Please list open issues (e.g. links to known github issues in the project for the feature specification) whose resolution may introduce web compat/interop risk (e.g., changing to naming or structure of the API in a non-backward-compatible way).
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAPLxc%3DVRR-R%2B1tDJELZvqDPENxcT%2Bi-OZntifmqsZOHkyGzHOg%40mail.gmail.com.
No worries :) thanks for filling out those requests for positions
On Fri, Nov 18, 2022, 21:04 David Adrian <dad...@google.com> wrote:
Apologies---this is my first time going through the Blink process, but I should have caught the formal signal step.
I've filed requests for positions from Mozilla [1] and WebKit [2].
On Thu, Nov 17, 2022 at 7:15 PM Yoav Weiss <yoav...@chromium.org> wrote:
On Fri, Nov 18, 2022 at 1:28 AM Martin Thomson <m...@mozilla.com> wrote:On Fri, Nov 18, 2022 at 10:15 AM 'David Adrian' via blink-dev <blin...@chromium.org> wrote:To be clear, though we are supportive of this change, we ask that you ask using https://github.com/mozilla/standards-positions rather than use inferences (even obvious ones) based on mailing list posts. Dennis is the authority here, so no big deal, but this process exists to avoid miscommunication.What Martin said + can you ask for a signal from WebKit folks?
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
LGTM3
/Daniel
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAL5BFfU5Kde%2B_%3DgHOBUKm2a%3DqB6ju4u9zDfjWo-YLSGsjgRNWA%40mail.gmail.com.
Hi,Why is the Documentation link blocked to the public?Steps to repeat issue:1. Go to link: https://chromestatus.com/feature/51246062465187842. Under Documentation Tab3. Access deniedThis is the first time I've ever seen a documentation being blocked to the public, can Googlers not go down that route please! Can you make all Documentation links public so we can see more information about this issue!p.s. The explainer found here: https://github.com/dadrian/clienthello-randomization/blob/main/EXPLAINER.mdAdds little extra information with regards to the issue, hence why I have bated breath hoping to open the google docs link to understand more about this issue!Many Thanks.
The Google Doc is the same as the explainer. The documentation is public. The Google Doc is not public because it is not a Chromium-organization doc, it is a Google owned document.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAGkh42LXjeC%2BP-LpNNjD-TtvetSPn22H0b%2BwbwtRC8p8aopt8A%40mail.gmail.com.