Re: Intent to unship: DTLS 1.0 for WebRTC

2019-11-13 Thread Martin Thomson
This is somewhat more aggressive than our plans for HTTPS.  The usage rate
is significantly higher (that's about 3x) and we don't have DTLS 1.3 yet,
though the spec is now close to publication.

On balance, this is still justifiable given the nature of this feature.

On Fri, Nov 8, 2019 at 5:29 PM Nils Ohlmeier wrote:

> With the intent to unship TLS 1.0 and 1.1
> https://groups.google.com/forum/#!topic/mozilla.dev.platform/8EFRYDR3N1c
> we don’t want to leave Firefox users with the old DTLS 1.0 when using
> WebRTC.
>
> The latest draft on WebRTC security architecture (which is soon going to be
> published as an RFC) requires all implementations to support DTLS 1.2
> https://tools.ietf.org/html/draft-ietf-rtcweb-security-arch-20#section-6.5
>
> In Firefox 71 we landed user prefs which enable developers to test their
> WebRTC services with DTLS 1.2 only.
>
> Chrome has announced that it will also turn off DTLS 1.0 for WebRTC in M81
> https://groups.google.com/forum/?utm_medium=email&utm_source=footer#!topicsearchin/discuss-webrtc/dtls;context-place=searchin/discuss-webrtc/PSA$3A/discuss-webrtc/Dsq_14_WoUk
>
> The last time we measured, DTLS 1.0 usage was 1.88% in Firefox 68 Beta
> https://telemetry.mozilla.org/new-pipeline/dist.html#!cumulative=0&end_date=2019-06-18&include_spill=0&keys=__none__!__none__!__none__&max_channel_version=beta%252F67&measure=WEBRTC_DTLS_PROTOCOL_VERSION&min_channel_version=null&processType=*&product=Firefox&sanitize=0&sort_by_value=0&sort_keys=submissions&start_date=2019-03-10&table=0&trim=0&use_submission_date=0
>
> We want to disable DTLS 1.0 in WebRTC together with TLS 1.0 and 1.1 in
> March 2020.
>
> Disabling DTLS 1.0 is tracked at
> https://bugzilla.mozilla.org/show_bug.cgi?id=1506392
>
> Best
>   Nils Ohlmeier
>
> ___
> dev-platform mailing list
> dev-platform@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-platform
>


Intent to unship: DTLS 1.0 for WebRTC

2019-11-07 Thread Nils Ohlmeier
With the intent to unship TLS 1.0 and 1.1
https://groups.google.com/forum/#!topic/mozilla.dev.platform/8EFRYDR3N1c
we don’t want to leave Firefox users with the old DTLS 1.0 when using WebRTC.

The latest draft on WebRTC security architecture (which is soon going to be
published as an RFC) requires all implementations to support DTLS 1.2
https://tools.ietf.org/html/draft-ietf-rtcweb-security-arch-20#section-6.5

In Firefox 71 we landed user prefs which enable developers to test their
WebRTC services with DTLS 1.2 only.

Chrome has announced that it will also turn off DTLS 1.0 for WebRTC in M81
https://groups.google.com/forum/?utm_medium=email&utm_source=footer#!topicsearchin/discuss-webrtc/dtls;context-place=searchin/discuss-webrtc/PSA$3A/discuss-webrtc/Dsq_14_WoUk

The last time we measured, DTLS 1.0 usage was 1.88% in Firefox 68 Beta
https://telemetry.mozilla.org/new-pipeline/dist.html#!cumulative=0&end_date=2019-06-18&include_spill=0&keys=__none__!__none__!__none__&max_channel_version=beta%252F67&measure=WEBRTC_DTLS_PROTOCOL_VERSION&min_channel_version=null&processType=*&product=Firefox&sanitize=0&sort_by_value=0&sort_keys=submissions&start_date=2019-03-10&table=0&trim=0&use_submission_date=0

We want to disable DTLS 1.0 in WebRTC together with TLS 1.0 and 1.1 in March 
2020.

Disabling DTLS 1.0 is tracked at 
https://bugzilla.mozilla.org/show_bug.cgi?id=1506392 


Best
  Nils Ohlmeier
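
A check a service operator could run over captured handshake datagrams to see which DTLS version a WebRTC endpoint actually negotiates. It is an added example, not part of the original message or of Firefox's code; the function names are hypothetical and the sample datagrams are constructed.

```python
import struct

# Wire encodings of the DTLS versions discussed in this thread.
DTLS_VERSIONS = {0xFEFF: "DTLS 1.0", 0xFEFD: "DTLS 1.2"}
HANDSHAKE, SERVER_HELLO = 22, 2
REC_HDR, HS_HDR = 13, 12  # DTLS record / handshake header sizes in bytes

def negotiated_dtls_version(datagram: bytes):
    """Return the version chosen in a ServerHello's first fragment, or None.

    The record-layer version is ignored on purpose: early records often
    carry 0xFEFF for compatibility even when DTLS 1.2 is negotiated.
    """
    off = 0
    while off + REC_HDR <= len(datagram):
        ctype, _rec_ver, epoch, _seq, rlen = struct.unpack_from("!BHH6sH", datagram, off)
        body = datagram[off + REC_HDR: off + REC_HDR + rlen]
        off += REC_HDR + rlen
        if len(body) < rlen:
            return None  # truncated record
        if ctype != HANDSHAKE or epoch != 0:
            continue  # not a plaintext handshake record
        pos = 0
        while pos + HS_HDR <= len(body):  # a record may hold several messages
            msg_type = body[pos]
            frag_off = int.from_bytes(body[pos + 6:pos + 9], "big")
            frag_len = int.from_bytes(body[pos + 9:pos + 12], "big")
            frag = body[pos + HS_HDR: pos + HS_HDR + frag_len]
            pos += HS_HDR + frag_len
            if msg_type == SERVER_HELLO and frag_off == 0 and len(frag) >= 2:
                ver = int.from_bytes(frag[:2], "big")  # ServerHello.server_version
                return DTLS_VERSIONS.get(ver, f"unknown (0x{ver:04x})")
    return None

def sample_server_hello(server_version: int, record_version: int) -> bytes:
    """Constructed sample datagram (not captured traffic)."""
    # version, 32-byte random, empty session id, cipher suite, compression
    hello = struct.pack("!H", server_version) + bytes(32) + b"\x00\xc0\x0a\x00"
    n = len(hello).to_bytes(3, "big")
    hs = bytes([SERVER_HELLO]) + n + b"\x00\x00" + b"\x00\x00\x00" + n + hello
    return struct.pack("!BHH6sH", HANDSHAKE, record_version, 0, bytes(6), len(hs)) + hs

if __name__ == "__main__":
    for sv in (0xFEFD, 0xFEFF):
        print(negotiated_dtls_version(sample_server_hello(sv, 0xFEFF)))
```

An endpoint that reports DTLS 1.0 here is one that would fail to connect once DTLS 1.0 is disabled.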
