> How would we know of breakage in those 10%? Would that look like users filing issues? Something else?
Usually we see it reflected in DAU and users filing issues. This is what happened when we had issues during root store deployment. We also have Net.SSL_Connection_Error, which does show a slight decrease in OK (0.009%) and some shifting of errors around. However, this doesn't seem to have manifested in any other changes. > Also, are those 0.02% driven by origins? Specific user platforms? Something else? Specific server platforms, +David Benjamin <david...@chromium.org> can provide more detail. On Mon, Sep 18, 2023 at 10:49 PM Yoav Weiss <yoavwe...@chromium.org> wrote: > > > On Tue, Sep 19, 2023 at 7:45 AM Yoav Weiss <yoavwe...@chromium.org> wrote: > >> >> >> On Tue, Sep 19, 2023 at 1:35 AM 'Jeffrey Yasskin' via blink-dev < >> blink-dev@chromium.org> wrote: >> >>> On Mon, Sep 18, 2023 at 4:11 PM David Adrian <dadr...@google.com> wrote: >>> >>>> > This should probably be an "Intent to Deprecate and Remove" rather >>>> than an "Intent to Ship". >>>> >>>> You're absolutely right that it should be, unfortunately that's not the >>>> subject Chrome Status generated. I'll file an issue. >>>> >>> >>> Oops, yes, you did everything right here. There's already >>> https://github.com/GoogleChrome/chromium-dashboard/issues/2749 about >>> changing this subject line, and now >>> https://github.com/GoogleChrome/chromium-dashboard/issues/3346 to align >>> the Chrome Status UI with the launching-features page. >>> >>> > The RFC's introduction at >>>> https://www.rfc-editor.org/rfc/rfc9155.html#name-introduction is a >>>> pretty good explainer for why we should remove SHA-1 signatures. >>>> >>>> Agreed. Noting in general, there is a large process mismatch between >>>> TLS launches and the Blink launch process, as discussed in >>>> https://groups.google.com/a/chromium.org/g/blink-dev/c/CmlXjQeNWDI/m/r-AUe0OqAQAJ. >>>> That's why this Intent looks a little different. >>>> >>> >> I wouldn't categorize it as a large process mismatch. But that's an >> orthogonal discussion. >> >> >>> >>>> As for the launch itself, I'll note it's been at 10% on Finch for a >>>> couple weeks and everything looks gray, so we should be safe to ramp up to >>>> 100%. The only thing of note was a correlation with an unrelated crash >>>> in Blink >>>> <https://bugs.chromium.org/p/chromium/issues/detail?id=1479083#c2>, >>>> since the deprecation rollout was fairly large. It only showed at 10%, not >>>> 1%. >>>> >>> > How would we know of breakage in those 10%? Would that look like users > filing issues? Something else? > > >>>> On Mon, Sep 18, 2023 at 3:53 PM Jeffrey Yasskin <jyass...@google.com> >>>> wrote: >>>> >>>>> This should probably be an "Intent to Deprecate and Remove" >>>>> <https://www.chromium.org/blink/launching-features/#feature-deprecations> >>>>> rather than an "Intent to Ship". I'll let an API owner say if there's a >>>>> reason to re-send it; probably there isn't. >>>>> >>>>> On Mon, Sep 18, 2023 at 3:47 PM 'David Adrian' via blink-dev < >>>>> blink-dev@chromium.org> wrote: >>>>> >>>>>> Contact emailsdadr...@google.com >>>>>> >>>>>> ExplainerNone >>>>>> >>>>> >>>>> The RFC's introduction at >>>>> https://www.rfc-editor.org/rfc/rfc9155.html#name-introduction is a >>>>> pretty good explainer for why we should remove SHA-1 signatures. >>>>> >>>>> >>>>>> Specificationhttps://www.rfc-editor.org/rfc/rfc9155.html >>>>>> >>>>>> Summary >>>>>> >>>>>> Chrome is removing support for signature algorithms using SHA-1 for >>>>>> server signatures during the TLS handshake. This does not affect SHA-1 >>>>>> support in server certificates, which was already removed, or in client >>>>>> certificates, which continues to be supported. SHA-1 can be temporarily >>>>>> re-enabled via the temporary InsecureHashesInTLSHandshakesEnabled >>>>>> enterprise policy. This policy will be removed in Chrome 123. >>>>>> >>>>>> >>>>>> Blink componentInternals>Network>SSL >>>>>> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Internals%3ENetwork%3ESSL> >>>>>> >>>>>> Search tagstls <https://chromestatus.com/features#tags:tls>, ssl >>>>>> <https://chromestatus.com/features#tags:ssl>, sha1 >>>>>> <https://chromestatus.com/features#tags:sha1> >>>>>> >>>>>> TAG reviewNone >>>>>> >>>>>> TAG review statusNot applicable >>>>>> >>>>>> Risks >>>>>> >>>>>> >>>>>> Interoperability and Compatibility >>>>>> >>>>>> At most 0.02% of page loads use the SHA1 fallback. However, we cannot >>>>>> disambiguate between a flaky first connection, and actually requiring >>>>>> SHA1. >>>>>> We expect the actual amount is lower. >>>>>> >>>>> >> Are we thinking that 0.02% is a loose upper bound? Is that correct? >> Any way to sample a few sites to validate that assumption? >> > > Also, are those 0.02% driven by origins? Specific user platforms? > Something else? > > >> >> >>> >>>>>> >>>>>> *Gecko*: Positive ( >>>>>> https://github.com/mozilla/standards-positions/issues/812) >>>>>> >>>>>> *WebKit*: Positive ( >>>>>> https://github.com/WebKit/standards-positions/issues/196) >>>>>> >>>>>> *Web developers*: No signals >>>>>> >>>>>> *Other signals*: >>>>>> >>>>>> WebView application risks >>>>>> >>>>>> Does this intent deprecate or change behavior of existing APIs, such >>>>>> that it has potentially high risk for Android WebView-based applications? >>>>>> >>>>>> None >>>>>> >>>>>> >>>>>> Debuggability >>>>>> >>>>>> n/a, this happens pre-devtools >>>>>> >>>>>> >>>>>> Will this feature be supported on all six Blink platforms (Windows, >>>>>> Mac, Linux, Chrome OS, Android, and Android WebView)?Yes >>>>>> >>>>>> Is this feature fully tested by web-platform-tests >>>>>> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> >>>>>> ?No >>>>>> >>>>>> Flag name on chrome://flagsuse-sha1-server-handshakes >>>>>> >>>>>> Finch feature nameDisableSHA1ServerSignature >>>>>> >>>>>> Requires code in //chrome?False >>>>>> >>>>>> Tracking bug >>>>>> https://bugs.chromium.org/p/chromium/issues/detail?id=658905 >>>>>> >>>>>> Launch bughttps://launch.corp.google.com/launch/4233200 >>>>>> >>>>>> Estimated milestones >>>>>> Shipping on desktop 117 >>>>>> OriginTrial desktop last 116 >>>>>> OriginTrial desktop first 115 >>>>>> DevTrial on desktop 115 >>>>>> Shipping on Android 117 >>>>>> OriginTrial Android last 116 >>>>>> OriginTrial Android first 115 >>>>>> DevTrial on Android 115 >>>>>> OriginTrial webView last 116 >>>>>> OriginTrial webView first 115 >>>>>> >>>>>> Anticipated spec changes >>>>>> >>>>>> Open questions about a feature may be a source of future web compat >>>>>> or interop issues. Please list open issues (e.g. links to known github >>>>>> issues in the project for the feature specification) whose resolution may >>>>>> introduce web compat/interop risk (e.g., changing to naming or structure >>>>>> of >>>>>> the API in a non-backward-compatible way). >>>>>> None >>>>>> >>>>>> Link to entry on the Chrome Platform Status >>>>>> https://chromestatus.com/feature/4832850040324096 >>>>>> >>>>>> Links to previous Intent discussionsIntent to Experiment: >>>>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAGkh42JZz%3De_TRVwumqgTj-A7543BR7JLBUR_GzVN_oOWhKVvg%40mail.gmail.com >>>>>> >>>>>> >>>>>> This intent message was generated by Chrome Platform Status >>>>>> <https://chromestatus.com/>. >>>>>> >>>>>> -- >>>>>> You received this message because you are subscribed to the Google >>>>>> Groups "blink-dev" group. >>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>> send an email to blink-dev+unsubscr...@chromium.org. >>>>>> To view this discussion on the web visit >>>>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAGkh42LiSGgfN1trVXfrmCW0Upk9r9GK4XYZQm5Y8RSzphn_DA%40mail.gmail.com >>>>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAGkh42LiSGgfN1trVXfrmCW0Upk9r9GK4XYZQm5Y8RSzphn_DA%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>>>> . >>>>>> >>>>> -- >>> You received this message because you are subscribed to the Google >>> Groups "blink-dev" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to blink-dev+unsubscr...@chromium.org. >>> To view this discussion on the web visit >>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CANh-dXnM7SzAOh2y6hcuezDpo-yCW%3DtNg0%3D1ErEMCFN%3DSSpsQQ%40mail.gmail.com >>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CANh-dXnM7SzAOh2y6hcuezDpo-yCW%3DtNg0%3D1ErEMCFN%3DSSpsQQ%40mail.gmail.com?utm_medium=email&utm_source=footer> >>> . >>> >> -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAGkh42Jv24u%2BdxQSpRYMHthC3n6uq93Wnd_iHDMBYL8eP2qQ3w%40mail.gmail.com.
