On Mon, Sep 18, 2023 at 4:11 PM David Adrian <dadr...@google.com> wrote:
> > This should probably be an "Intent to Deprecate and Remove" rather than > an "Intent to Ship". > > You're absolutely right that it should be, unfortunately that's not the > subject Chrome Status generated. I'll file an issue. > Oops, yes, you did everything right here. There's already https://github.com/GoogleChrome/chromium-dashboard/issues/2749 about changing this subject line, and now https://github.com/GoogleChrome/chromium-dashboard/issues/3346 to align the Chrome Status UI with the launching-features page. > The RFC's introduction at > https://www.rfc-editor.org/rfc/rfc9155.html#name-introduction is a pretty > good explainer for why we should remove SHA-1 signatures. > > Agreed. Noting in general, there is a large process mismatch between TLS > launches and the Blink launch process, as discussed in > https://groups.google.com/a/chromium.org/g/blink-dev/c/CmlXjQeNWDI/m/r-AUe0OqAQAJ. > That's why this Intent looks a little different. > > As for the launch itself, I'll note it's been at 10% on Finch for a couple > weeks and everything looks gray, so we should be safe to ramp up to 100%. > The only thing of note was a correlation with an unrelated crash in Blink > <https://bugs.chromium.org/p/chromium/issues/detail?id=1479083#c2>, since > the deprecation rollout was fairly large. It only showed at 10%, not 1%. > > On Mon, Sep 18, 2023 at 3:53 PM Jeffrey Yasskin <jyass...@google.com> > wrote: > >> This should probably be an "Intent to Deprecate and Remove" >> <https://www.chromium.org/blink/launching-features/#feature-deprecations> >> rather than an "Intent to Ship". I'll let an API owner say if there's a >> reason to re-send it; probably there isn't. >> >> On Mon, Sep 18, 2023 at 3:47 PM 'David Adrian' via blink-dev < >> blink-dev@chromium.org> wrote: >> >>> Contact emailsdadr...@google.com >>> >>> ExplainerNone >>> >> >> The RFC's introduction at >> https://www.rfc-editor.org/rfc/rfc9155.html#name-introduction is a >> pretty good explainer for why we should remove SHA-1 signatures. >> >> >>> Specificationhttps://www.rfc-editor.org/rfc/rfc9155.html >>> >>> Summary >>> >>> Chrome is removing support for signature algorithms using SHA-1 for >>> server signatures during the TLS handshake. This does not affect SHA-1 >>> support in server certificates, which was already removed, or in client >>> certificates, which continues to be supported. SHA-1 can be temporarily >>> re-enabled via the temporary InsecureHashesInTLSHandshakesEnabled >>> enterprise policy. This policy will be removed in Chrome 123. >>> >>> >>> Blink componentInternals>Network>SSL >>> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Internals%3ENetwork%3ESSL> >>> >>> Search tagstls <https://chromestatus.com/features#tags:tls>, ssl >>> <https://chromestatus.com/features#tags:ssl>, sha1 >>> <https://chromestatus.com/features#tags:sha1> >>> >>> TAG reviewNone >>> >>> TAG review statusNot applicable >>> >>> Risks >>> >>> >>> Interoperability and Compatibility >>> >>> At most 0.02% of page loads use the SHA1 fallback. However, we cannot >>> disambiguate between a flaky first connection, and actually requiring SHA1. >>> We expect the actual amount is lower. >>> >>> >>> *Gecko*: Positive ( >>> https://github.com/mozilla/standards-positions/issues/812) >>> >>> *WebKit*: Positive ( >>> https://github.com/WebKit/standards-positions/issues/196) >>> >>> *Web developers*: No signals >>> >>> *Other signals*: >>> >>> WebView application risks >>> >>> Does this intent deprecate or change behavior of existing APIs, such >>> that it has potentially high risk for Android WebView-based applications? >>> >>> None >>> >>> >>> Debuggability >>> >>> n/a, this happens pre-devtools >>> >>> >>> Will this feature be supported on all six Blink platforms (Windows, Mac, >>> Linux, Chrome OS, Android, and Android WebView)?Yes >>> >>> Is this feature fully tested by web-platform-tests >>> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> >>> ?No >>> >>> Flag name on chrome://flagsuse-sha1-server-handshakes >>> >>> Finch feature nameDisableSHA1ServerSignature >>> >>> Requires code in //chrome?False >>> >>> Tracking bughttps://bugs.chromium.org/p/chromium/issues/detail?id=658905 >>> >>> Launch bughttps://launch.corp.google.com/launch/4233200 >>> >>> Estimated milestones >>> Shipping on desktop 117 >>> OriginTrial desktop last 116 >>> OriginTrial desktop first 115 >>> DevTrial on desktop 115 >>> Shipping on Android 117 >>> OriginTrial Android last 116 >>> OriginTrial Android first 115 >>> DevTrial on Android 115 >>> OriginTrial webView last 116 >>> OriginTrial webView first 115 >>> >>> Anticipated spec changes >>> >>> Open questions about a feature may be a source of future web compat or >>> interop issues. Please list open issues (e.g. links to known github issues >>> in the project for the feature specification) whose resolution may >>> introduce web compat/interop risk (e.g., changing to naming or structure of >>> the API in a non-backward-compatible way). >>> None >>> >>> Link to entry on the Chrome Platform Status >>> https://chromestatus.com/feature/4832850040324096 >>> >>> Links to previous Intent discussionsIntent to Experiment: >>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAGkh42JZz%3De_TRVwumqgTj-A7543BR7JLBUR_GzVN_oOWhKVvg%40mail.gmail.com >>> >>> >>> This intent message was generated by Chrome Platform Status >>> <https://chromestatus.com/>. >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "blink-dev" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to blink-dev+unsubscr...@chromium.org. >>> To view this discussion on the web visit >>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAGkh42LiSGgfN1trVXfrmCW0Upk9r9GK4XYZQm5Y8RSzphn_DA%40mail.gmail.com >>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAGkh42LiSGgfN1trVXfrmCW0Upk9r9GK4XYZQm5Y8RSzphn_DA%40mail.gmail.com?utm_medium=email&utm_source=footer> >>> . >>> >> -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CANh-dXnM7SzAOh2y6hcuezDpo-yCW%3DtNg0%3D1ErEMCFN%3DSSpsQQ%40mail.gmail.com.