Hi David,
LGTM to experiment from M117 - M118 inclusive. I think that's what
you're asking for - please let me know if I'm reading this incorrectly.
Good luck!
thanks,
Mike
On 8/28/23 9:18 AM, 'David Adrian' via blink-dev wrote:
Contact emails
dadr...@google.com
Explainer
https://www.ietf.org/archive/id/draft-tls-westerbaan-xyber768d00-02.html
Specification
https://www.ietf.org/archive/id/draft-tls-westerbaan-xyber768d00-02.html
Summary
Protect current Chrome TLS traffic against future quantum
cryptanalysis by deploying the Kyber768 quantum-resistant key
agreement algorithm. This is a hybrid X25519 + Kyber768 key agreement
based on an IETF standard. This specification and launch is outside
the scope of W3C. This key agreement will be launched as a TLS cipher,
and should be transparent to users.
https://blog.chromium.org/2023/08/protecting-chrome-traffic-with-hybrid.html
Blink component
Internals>Network>SSL
<https://bugs.chromium.org/p/chromium/issues/list?q=component:Internals%3ENetwork%3ESSL>
Search tags
tls <https://chromestatus.com/features#tags:tls>, kem
<https://chromestatus.com/features#tags:kem>, kyber
<https://chromestatus.com/features#tags:kyber>, postquantum
<https://chromestatus.com/features#tags:postquantum>
TAG review
TAG review status
Pending
Risks
Interoperability and Compatibility
Post-quantum secure ciphers are larger than classical ciphers. This
may cause compatibility issues with middleboxes.
Any pointers to learn more about this possible compat problem?
/Gecko/: No signal
(https://github.com/mozilla/standards-positions/issues/874) Firefox is
also in the process of rolling this out.
/WebKit/: No signal
(https://github.com/WebKit/standards-positions/issues/244)
/Web developers/: No signals
/Other signals/:
WebView application risks
Does this intent deprecate or change behavior of existing APIs, such
that it has potentially high risk for Android WebView-based applications?
Goals for experimentation
This is a Finch experiment, not site opt-in.
We are aiming to shake out bugs and incompatibilities with buggy TLS
stacks that do not correctly handle large TLS ClientHellos. Announcing
a public timeline for experimenting on stable provides the necessary
justification for teams at companies who have buggy TLS stacks to
prioritize fixing the bugs.
Ongoing technical constraints
Debuggability
Will this feature be supported on all six Blink platforms
(Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?
Yes
Is this feature fully tested by web-platform-tests
<https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>?
No
Flag name on chrome://flags
enable-tls13-kyber
Finch feature name
PostQuantumKyber
Requires code in //chrome?
False
Tracking bug
https://bugs.chromium.org/p/chromium/issues/detail?id=1442377
Launch bug
https://launch.corp.google.com/launch/4252981
Estimated milestones
Shipping on desktop 119
OriginTrial desktop last 118
OriginTrial desktop first 117
DevTrial on desktop 115
Shipping on Android 119
OriginTrial Android last 118
OriginTrial Android first 117
DevTrial on Android 115
Shipping on WebView 119
Link to entry on the Chrome Platform Status
https://chromestatus.com/feature/5257822742249472
Links to previous Intent discussions
Intent to prototype:
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAGkh42%2BgKeCTA6vWwzrE%3DDVR%3DTmQaCyDFQxqnXkOy9GcVyGtnA%40mail.gmail.com
This intent message was generated by Chrome Platform Status
<https://chromestatus.com/>.
--
You received this message because you are subscribed to the Google
Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to blink-dev+unsubscr...@chromium.org.
To view this discussion on the web visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAGkh42%2B37SpGUy9t6bBkP13XQL4mrEaY%2Bu0wAzttjZyr_f2rGA%40mail.gmail.com
<https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAGkh42%2B37SpGUy9t6bBkP13XQL4mrEaY%2Bu0wAzttjZyr_f2rGA%40mail.gmail.com?utm_medium=email&utm_source=footer>.
--
You received this message because you are subscribed to the Google Groups
"blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to blink-dev+unsubscr...@chromium.org.
To view this discussion on the web visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/b18bb8c1-e6bb-4592-b6c4-c8a3dcbee74e%40chromium.org.
