LGTM to experiment from M115 to M116. Good luck!
-mike On Tue 13. Jun 2023 at 20:31 David Adrian <[email protected]> wrote: > We plan to start in M115. Four milestones seems a bit long---this breakage > likely either be immediately evident or a no-op. I was thinking M115 and > M116, but we'll defer to your judgement. > > On Tue, Jun 13, 2023 at 2:50 AM Mike West <[email protected]> wrote: > >> Per the conversation on the previous thread, carefully rolling this out >> to measure breakage seems like the right path forward. Do you have a >> timeline along which you'd like to run this experiment? M115-M118? >> >> -mike >> >> >> On Thu, Jun 8, 2023 at 9:54 PM 'David Adrian' via blink-dev < >> [email protected]> wrote: >> >>> Per request on the previous thread >>> <https://groups.google.com/a/chromium.org/g/blink-dev/c/ZdpqIOKTHeM>, >>> converting the previous Ready for Trial to an Intent to Experiment / >>> Request for Deprecation Trial. >>> >>> Due to the nature of the TLS stack, this experiment will be managed by >>> Finch, rather than site opt-in. >>> >>> On Thu, Jun 8, 2023 at 1:52 PM David Adrian <[email protected]> wrote: >>> >>>> Contact [email protected] >>>> [email protected] >>>> >>>> ExplainerNone >>>> >>>> Specificationhttps://www.rfc-editor.org/rfc/rfc9155.html >>>> >>>> Summary >>>> >>>> Chrome is removing support for signature algorithms using SHA-1 for >>>> server signatures during the TLS handshake. This does not affect SHA-1 >>>> support in server certificates, which was already removed, or in client >>>> certificates, which continues to be supported. >>>> >>>> >>>> Blink componentInternals>Network>SSL >>>> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Internals%3ENetwork%3ESSL> >>>> >>>> Search tagstls <https://chromestatus.com/features#tags:tls>, ssl >>>> <https://chromestatus.com/features#tags:ssl>, sha1 >>>> <https://chromestatus.com/features#tags:sha1> >>>> >>>> TAG reviewNone >>>> >>>> TAG review statusNot applicable >>>> >>>> Risks >>>> >>>> >>>> Interoperability and Compatibility >>>> >>>> At most 0.02% of page loads use the SHA1 fallback. However, we cannot >>>> disambiguate between a flaky first connection, and actually requiring SHA1. >>>> We expect the actual amount is lower. >>>> >>>> >>>> *Gecko*: No signal ( >>>> https://github.com/mozilla/standards-positions/issues/812) >>>> >>>> *WebKit*: No signal ( >>>> https://github.com/WebKit/standards-positions/issues/196) >>>> >>>> *Web developers*: No signals >>>> >>>> *Other signals*: >>>> >>>> WebView application risks >>>> >>>> Does this intent deprecate or change behavior of existing APIs, such >>>> that it has potentially high risk for Android WebView-based applications? >>>> >>>> None >>>> >>>> >>>> Goals for experimentation >>>> >>>> Since this takes place before a document is loaded, sites cannot >>>> opt-in. We plan on doing a 1% stable experiment and monitoring any increase >>>> in page load failures and SSL failures. >>>> >>>> This experiment is managed via Finch, not as an Origin / Deprecation >>>> Trial. >>>> >>>> Experiment Risks >>>> Sites that are incapable of SHA2 signatures would fail to load. >>>> However, we believe the actual set of sites that don't support SHA2 is very >>>> small. Due to how negotiation works in TLS, we can't tell the difference >>>> between "prefers SHA1 to SHA2, but has a flaky network" and "only supports >>>> SHA1". In the worst case, this is 0.02% of TLS connections. In the best >>>> case, this is 0%. >>>> >>>> Ongoing technical constraints >>>> >>>> None >>>> >>>> >>>> Debuggability >>>> >>>> n/a, this happens pre-devtools >>>> >>>> >>>> Will this feature be supported on all six Blink platforms (Windows, >>>> Mac, Linux, Chrome OS, Android, and Android WebView)?Yes >>>> >>>> Is this feature fully tested by web-platform-tests >>>> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> >>>> ?No >>>> >>>> Flag nameuse-sha1-server-handshakes >>>> >>>> Requires code in //chrome?False >>>> >>>> Tracking bug >>>> https://bugs.chromium.org/p/chromium/issues/detail?id=658905 >>>> >>>> Launch bughttps://launch.corp.google.com/launch/4233200 >>>> >>>> Estimated milestones >>>> Shipping on desktop 117 >>>> OriginTrial desktop last 116 >>>> OriginTrial desktop first 115 >>>> DevTrial on desktop 115 >>>> Shipping on Android 117 >>>> OriginTrial Android last 116 >>>> OriginTrial Android first 115 >>>> DevTrial on Android 115 >>>> OriginTrial webView last 116 >>>> OriginTrial webView first 115 >>>> >>>> Link to entry on the Chrome Platform Status >>>> https://chromestatus.com/feature/4832850040324096 >>>> >>>> Links to previous Intent discussions >>>> https://groups.google.com/a/chromium.org/g/blink-dev/c/ZdpqIOKTHeM >>>> >>>> https://groups.google.com/a/chromium.org/g/blink-dev/c/rfPtQpqNixk/m/WF3a12okCgAJ >>>> >>>> This intent message was generated by Chrome Platform Status >>>> <https://chromestatus.com/>. >>>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "blink-dev" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To view this discussion on the web visit >>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAGkh42LkdzFVgWn%3DEngqRQekuV%2B4rCQRWGcGjz4x5QJGpzgvig%40mail.gmail.com >>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAGkh42LkdzFVgWn%3DEngqRQekuV%2B4rCQRWGcGjz4x5QJGpzgvig%40mail.gmail.com?utm_medium=email&utm_source=footer> >>> . >>> >> -- -mike -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAKXHy%3DcK35h0_yTq-1oN_KWxSPPZxfuZZ_k1Zn8H3Lo2R5_Xtg%40mail.gmail.com.
