On Thu, Aug 26, 2021 at 1:10 PM Yoav Weiss <yoavwe...@chromium.org> wrote:
> What would breakage look like? > Once the feature is gone (the end state), anyone attempting to set up a connection using SDES will have their session rejected. Anyone attempting to set the constraint will just have it ignored, like any other unsupported value in a dictionary. I'm thinking that we should add an intermediate step where anyone attempting to configure SDES has the constructor throw rather than ignoring the member. > What's the requested timeline for the deprecation part of this? > I'd like to get the deprecation warning in 95 (stable Oct 19), start throwing in 97 (stable Jan 4), and removing the code entirely in 99 (stable Mar 1). > Any plans for targeted outreach for the remaining users? > Only the usual PSA on webrtc-users and discuss-webrtc + word of mouth. > > On Thu, Aug 26, 2021 at 11:05 AM 'Philipp Hancke' via blink-dev < > blink-dev@chromium.org> wrote: > >> stats here: >> https://www.chromestatus.com/metrics/feature/timeline/popularity/2383 >> > > Impressive decline in usage! > > >> Away with it! >> >> Am Do., 26. Aug. 2021 um 10:45 Uhr schrieb 'Harald Alvestrand' via >> blink-dev <blink-dev@chromium.org>: >> >>> Contact emails...@chromium.org >>> >>> ExplainerNone >>> >>> Specificationhttps://www.rfc-editor.org/rfc/rfc8826#section-4.3.1 >>> >>> Summary >>> >>> The SDES key exchange mechanism for WebRTC has been declared a MUST NOT >>> in the relevant IETF standards since 2013. The SDES specification has been >>> declared Historic by the IETF. Its usage in Chrome has declined >>> significantly over the recent year. This intent is to deprecate and remove >>> this code from Chromium and WebRTC. >>> >>> >>> Blink componentBlink>WebRTC>Network >>> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3EWebRTC%3ENetwork> >>> >>> Motivation >>> >>> The reason why SDES is deprecated is that it is a security problem: It >>> exposes session keys to Javascript, which means that entities with access >>> to the negotiation exchange, or with the ability to subvert the Javascript, >>> can decrypt the media sent over the connection. >>> >>> >>> Initial public proposal >>> >>> TAG review >>> >>> TAG review statusNot applicable >>> >>> Risks >>> >>> >>> Interoperability and Compatibility >>> >>> >>> >>> Gecko: No signal >>> >>> WebKit: No signal >>> >> > Filing for signals may be an overkill here, but are there bugs filed on > other implementers asking them to follow? > > >> >>> Web developers: No signals >>> >>> >>> Debuggability >>> >>> When this feature is removed, people attempting to set up such a >>> connection will fail to do so. This should be easy to diagnose. >>> >>> >>> Is this feature fully tested by web-platform-tests >>> <https://chromium.googlesource.com/chromium/src/+/master/docs/testing/web_platform_tests.md> >>> ?No >>> >>> Flag name >>> >>> Requires code in //chrome?False >>> >>> Tracking bughttps://crbug.com/webrtc/11066 >>> >>> Estimated milestones >>> >>> Link to entry on the Chrome Platform Status >>> https://www.chromestatus.com/feature/5695324321480704 >>> >>> This intent message was generated by Chrome Platform Status >>> <https://www.chromestatus.com/>. >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "blink-dev" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to blink-dev+unsubscr...@chromium.org. >>> To view this discussion on the web visit >>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOqqYVFNbzG24kGbRFT1sMAroU4ifwv%2BpkA0kU2vkmpHFSgDrQ%40mail.gmail.com >>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOqqYVFNbzG24kGbRFT1sMAroU4ifwv%2BpkA0kU2vkmpHFSgDrQ%40mail.gmail.com?utm_medium=email&utm_source=footer> >>> . >>> >> -- >> You received this message because you are subscribed to the Google Groups >> "blink-dev" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to blink-dev+unsubscr...@chromium.org. >> To view this discussion on the web visit >> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CADxkKiJrgemVNeyGP5bw%3Dp40%2Bwc6Zbxi3q-CRWpqV%2BpU%3Dk8%2BgQ%40mail.gmail.com >> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CADxkKiJrgemVNeyGP5bw%3Dp40%2Bwc6Zbxi3q-CRWpqV%2BpU%3Dk8%2BgQ%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOqqYVGgQnMQqFJ3Uq4aKHXa9rG2d8k5AKsqugLa62toWCghOA%40mail.gmail.com.
