Intent to Prototype: Deprecate TLS SHA-1 server signatures
David Adrian
Contact emails
dad...@google.comExplainer
NoneSpecification
https://www.rfc-editor.org/rfc/rfc9155.htmlSummary
Chrome is removing support for signature algorithms using SHA-1 for server signatures during the TLS handshake. This does not affect SHA-1 support in server certificates, which was already removed, or in client certificates, which continues to be supported.
Blink component
Internals>Network>SSLMotivation
SHA1 has known collisions, and while difficult to exploit in practice, should be avoided. Removing SHA1 support from server signatures removes the ability for a future attacker to exploit some sort of collision in SHA1 to impersonate a server. The use of SHA1 in TLS has already been deprecated by the IETF in RFC 9155. This does not affect client certificates. The decision of whether or not to accept SHA1 in client certificates can be made by server operators who have deployed mTLS.
Initial public proposal
Search tags
tls, ssl, sha1TAG review
TAG review status
Not applicableRisks
Interoperability and Compatibility
Gecko: No signal
WebKit: No signal
Web developers: No signals
Other signals:
WebView application risks
Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?
Debuggability
Is this feature fully tested by web-platform-tests?
NoFlag name
Requires code in //chrome?
FalseTracking bug
https://bugs.chromium.org/p/chromium/issues/detail?id=658905Launch bug
https://launch.corp.google.com/launch/4233200Estimated milestones
No milestones specified
Link to entry on the Chrome Platform Status
https://chromestatus.com/feature/4832850040324096
Mike Taylor
Hi David,
Contact emails
dad...@google.com
Explainer
None
Specification
https://www.rfc-editor.org/rfc/rfc9155.html
Summary
Chrome is removing support for signature algorithms using SHA-1 for server signatures during the TLS handshake. This does not affect SHA-1 support in server certificates, which was already removed, or in client certificates, which continues to be supported.
Blink component
Internals>Network>SSL
Motivation
SHA1 has known collisions, and while difficult to exploit in practice, should be avoided. Removing SHA1 support from server signatures removes the ability for a future attacker to exploit some sort of collision in SHA1 to impersonate a server. The use of SHA1 in TLS has already been deprecated by the IETF in RFC 9155. This does not affect client certificates. The decision of whether or not to accept SHA1 in client certificates can be made by server operators who have deployed mTLS.
Initial public proposal
Search tags
tls, ssl, sha1
TAG review
TAG review status
Not applicable
Risks
Interoperability and Compatibility
Gecko: No signal
WebKit: No signal
Web developers: No signals
Other signals:
WebView application risks
Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?
Debuggability
Is this feature fully tested by web-platform-tests?
No
Flag name
Requires code in //chrome?
False
Tracking bug
https://bugs.chromium.org/p/chromium/issues/detail?id=658905
Launch bug
https://launch.corp.google.com/launch/4233200
Estimated milestones
No milestones specified
Link to entry on the Chrome Platform Status
https://chromestatus.com/feature/4832850040324096
This intent message was generated by Chrome Platform Status.
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAGkh42JGCECAtUFRX6S%2BVriRJrVAwGUUquad6xgDGfiji81ZHg%40mail.gmail.com.