Intent to unship: DTLS 1.0 for WebRTC

Nils Ohlmeier

Nov 8, 2019, 1:29:47 AM
to dev-platform
With the intent to unship TLS 1.0 and 1.1 https://groups.google.com/forum/#!topic/mozilla.dev.platform/8EFRYDR3N1c we don’t want to leave Firefox users with the old DTLS 1.0 when using WebRTC.

The latest draft on WebRTC security architecture (which is soon going to be published as an RFC) requires all implementations to support DTLS 1.2
https://tools.ietf.org/html/draft-ietf-rtcweb-security-arch-20#section-6.5

In Firefox 71 we landed user prefs which enable developers to test their WebRTC services with DTLS 1.2 only.

Chrome has also announced that it will turn off DTLS 1.0 for WebRTC in M81 https://groups.google.com/forum/?utm_medium=email&utm_source=footer#!topicsearchin/discuss-webrtc/dtls;context-place=searchin/discuss-webrtc/PSA$3A/discuss-webrtc/Dsq_14_WoUk

The last time we measured, DTLS 1.0 usage was 1.88% in Firefox 68 Beta https://telemetry.mozilla.org/new-pipeline/dist.html#!cumulative=0&end_date=2019-06-18&include_spill=0&keys=__none__!__none__!__none__&max_channel_version=beta%252F67&measure=WEBRTC_DTLS_PROTOCOL_VERSION&min_channel_version=null&processType=*&product=Firefox&sanitize=0&sort_by_value=0&sort_keys=submissions&start_date=2019-03-10&table=0&trim=0&use_submission_date=0

We want to disable DTLS 1.0 in WebRTC together with TLS 1.0 and 1.1 in March 2020.

Disabling DTLS 1.0 is tracked at https://bugzilla.mozilla.org/show_bug.cgi?id=1506392

Best
Nils Ohlmeier

Martin Thomson

Nov 13, 2019, 10:20:05 AM
to Nils Ohlmeier, dev-platform
This is somewhat more aggressive than our plans for HTTPS. The usage rate
is significantly higher (that's about 3x) and we don't have DTLS 1.3 yet,
though the spec is now close to publication.

On balance, this is still justifiable given the nature of this feature.