On Mon, Sep 18, 2023 at 4:11 PM David Adrian <dadr...@google.com> wrote:

> > This should probably be an "Intent to Deprecate and Remove" rather than
> an "Intent to Ship".
>
> You're absolutely right that it should be, unfortunately that's not the
> subject Chrome Status generated. I'll file an issue.
>

Oops, yes, you did everything right here. There's already
https://github.com/GoogleChrome/chromium-dashboard/issues/2749 about
changing this subject line, and now
https://github.com/GoogleChrome/chromium-dashboard/issues/3346 to align the
Chrome Status UI with the launching-features page.

> The RFC's introduction at
> https://www.rfc-editor.org/rfc/rfc9155.html#name-introduction is a pretty
> good explainer for why we should remove SHA-1 signatures.
>
> Agreed. Noting in general, there is a large process mismatch between TLS
> launches and the Blink launch process, as discussed in
> https://groups.google.com/a/chromium.org/g/blink-dev/c/CmlXjQeNWDI/m/r-AUe0OqAQAJ.
> That's why this Intent looks a little different.
>
> As for the launch itself, I'll note it's been at 10% on Finch for a couple
> weeks and everything looks gray, so we should be safe to ramp up to 100%.
> The only thing of note was a correlation with an unrelated crash in Blink
> <https://bugs.chromium.org/p/chromium/issues/detail?id=1479083#c2>, since
> the deprecation rollout was fairly large. It only showed at 10%, not 1%.
>
> On Mon, Sep 18, 2023 at 3:53 PM Jeffrey Yasskin <jyass...@google.com>
> wrote:
>
>> This should probably be an "Intent to Deprecate and Remove"
>> <https://www.chromium.org/blink/launching-features/#feature-deprecations>
>> rather than an "Intent to Ship". I'll let an API owner say if there's a
>> reason to re-send it; probably there isn't.
>>
>> On Mon, Sep 18, 2023 at 3:47 PM 'David Adrian' via blink-dev <
>> blink-dev@chromium.org> wrote:
>>
>>> Contact emailsdadr...@google.com
>>>
>>> ExplainerNone
>>>
>>
>> The RFC's introduction at
>> https://www.rfc-editor.org/rfc/rfc9155.html#name-introduction is a
>> pretty good explainer for why we should remove SHA-1 signatures.
>>
>>
>>> Specificationhttps://www.rfc-editor.org/rfc/rfc9155.html
>>>
>>> Summary
>>>
>>> Chrome is removing support for signature algorithms using SHA-1 for
>>> server signatures during the TLS handshake. This does not affect SHA-1
>>> support in server certificates, which was already removed, or in client
>>> certificates, which continues to be supported. SHA-1 can be temporarily
>>> re-enabled via the temporary InsecureHashesInTLSHandshakesEnabled
>>> enterprise policy. This policy will be removed in Chrome 123.
>>>
>>>
>>> Blink componentInternals>Network>SSL
>>> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Internals%3ENetwork%3ESSL>
>>>
>>> Search tagstls <https://chromestatus.com/features#tags:tls>, ssl
>>> <https://chromestatus.com/features#tags:ssl>, sha1
>>> <https://chromestatus.com/features#tags:sha1>
>>>
>>> TAG reviewNone
>>>
>>> TAG review statusNot applicable
>>>
>>> Risks
>>>
>>>
>>> Interoperability and Compatibility
>>>
>>> At most 0.02% of page loads use the SHA1 fallback. However, we cannot
>>> disambiguate between a flaky first connection, and actually requiring SHA1.
>>> We expect the actual amount is lower.
>>>
>>>
>>> *Gecko*: Positive (
>>> https://github.com/mozilla/standards-positions/issues/812)
>>>
>>> *WebKit*: Positive (
>>> https://github.com/WebKit/standards-positions/issues/196)
>>>
>>> *Web developers*: No signals
>>>
>>> *Other signals*:
>>>
>>> WebView application risks
>>>
>>> Does this intent deprecate or change behavior of existing APIs, such
>>> that it has potentially high risk for Android WebView-based applications?
>>>
>>> None
>>>
>>>
>>> Debuggability
>>>
>>> n/a, this happens pre-devtools
>>>
>>>
>>> Will this feature be supported on all six Blink platforms (Windows, Mac,
>>> Linux, Chrome OS, Android, and Android WebView)?Yes
>>>
>>> Is this feature fully tested by web-platform-tests
>>> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>
>>> ?No
>>>
>>> Flag name on chrome://flagsuse-sha1-server-handshakes
>>>
>>> Finch feature nameDisableSHA1ServerSignature
>>>
>>> Requires code in //chrome?False
>>>
>>> Tracking bughttps://bugs.chromium.org/p/chromium/issues/detail?id=658905
>>>
>>> Launch bughttps://launch.corp.google.com/launch/4233200
>>>
>>> Estimated milestones
>>> Shipping on desktop 117
>>> OriginTrial desktop last 116
>>> OriginTrial desktop first 115
>>> DevTrial on desktop 115
>>> Shipping on Android 117
>>> OriginTrial Android last 116
>>> OriginTrial Android first 115
>>> DevTrial on Android 115
>>> OriginTrial webView last 116
>>> OriginTrial webView first 115
>>>
>>> Anticipated spec changes
>>>
>>> Open questions about a feature may be a source of future web compat or
>>> interop issues. Please list open issues (e.g. links to known github issues
>>> in the project for the feature specification) whose resolution may
>>> introduce web compat/interop risk (e.g., changing to naming or structure of
>>> the API in a non-backward-compatible way).
>>> None
>>>
>>> Link to entry on the Chrome Platform Status
>>> https://chromestatus.com/feature/4832850040324096
>>>
>>> Links to previous Intent discussionsIntent to Experiment:
>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAGkh42JZz%3De_TRVwumqgTj-A7543BR7JLBUR_GzVN_oOWhKVvg%40mail.gmail.com
>>>
>>>
>>> This intent message was generated by Chrome Platform Status
>>> <https://chromestatus.com/>.
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "blink-dev" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to blink-dev+unsubscr...@chromium.org.
>>> To view this discussion on the web visit
>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAGkh42LiSGgfN1trVXfrmCW0Upk9r9GK4XYZQm5Y8RSzphn_DA%40mail.gmail.com
>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAGkh42LiSGgfN1trVXfrmCW0Upk9r9GK4XYZQm5Y8RSzphn_DA%40mail.gmail.com?utm_medium=email&utm_source=footer>
>>> .
>>>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to blink-dev+unsubscr...@chromium.org.
To view this discussion on the web visit 
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CANh-dXnM7SzAOh2y6hcuezDpo-yCW%3DtNg0%3D1ErEMCFN%3DSSpsQQ%40mail.gmail.com.

Reply via email to