Which version of Chrome are you wanting to ship in? Joe Medley | Technical Writer, Chrome DevRel | jmed...@google.com | 816-678-7195 *If an API's not documented it doesn't exist.*
On Wed, Feb 16, 2022 at 8:20 AM Daniel Bratell <bratel...@gmail.com> wrote: > LGTM3 > > Comment about double checking the security review stands. > > (We decided this was fine two weeks ago but not all the necessary mails > ended up on the list - our fault, good that you pinged us!) > > /Daniel > On 2022-02-16 13:39, 'Victor Vasiliev' via blink-dev wrote: > > Friendly ping. > > On Wed, Feb 2, 2022 at 11:53 AM Chris Harrelson <chris...@chromium.org> > wrote: > >> LGTM2 >> >> My understanding is that there is a security/privacy review ongoing to >> double-check this feature, so if there is an LGTM3 please make sure that >> review has concluded as well. >> >> On Wed, Feb 2, 2022 at 3:28 AM Yoav Weiss <yoavwe...@chromium.org> wrote: >> >>> LGTM1 >>> >>> On Thursday, January 20, 2022 at 7:08:59 AM UTC+1 Victor Vasiliev wrote: >>> >>>> Contact emails >>>> >>>> yhir...@chromium.org, vasi...@chromium.org >>>> >>>> Explainer >>>> >>>> https://github.com/w3c/webtransport/blob/main/explainer.md >>>> >>>> Spec >>>> >>>> >>>> https://w3c.github.io/webtransport/#dom-webtransportoptions-servercertificatehashes >>>> >>>> WebTransport has been already covered by a series of TAG reviews (389 >>>> <https://github.com/w3ctag/design-reviews/issues/389>, 669 >>>> <https://github.com/w3ctag/design-reviews/issues/669>). >>>> >>>> Summary >>>> >>>> In WebTransport, the serverCertificateHashes option allows the website >>>> to connect to a WebTransport server by authenticating the certificate >>>> against the expected certificate hash instead of using the Web PKI. This >>>> feature allows Web developers to connect to WebTransport servers that would >>>> normally find obtaining a publicly trusted certificate challenging, such as >>>> hosts that are not publically routable, or virtual machines that are >>>> ephemeral in nature. >>>> >>>> During the WebTransport Intent to Ship email thread >>>> <https://groups.google.com/a/chromium.org/g/blink-dev/c/kwC5wES3I4c>, >>>> concerns were raised regarding the security considerations of this portion >>>> of the spec being incomplete. We believe that we have addressed those >>>> concerns (notably, in this PR >>>> <https://github.com/w3c/webtransport/pull/375>). >>>> >>> >>> Please followup on the PR to ensure it lands. Thanks! :) >>> >>> >>>> In terms of the actual code behavior, the only major difference since >>>> the previous thread is that we no longer allow RSA keys for the >>>> certificates. >>>> >>>> Link to “Intent to Prototype” blink-dev discussion >>>> >>>> >>>> https://groups.google.com/a/chromium.org/g/blink-dev/c/I6MS2kOKcx0/m/NAdg7Sc-CwAJ >>>> >>>> Is this feature supported on all six Blink platforms (Windows, Mac, >>>> Linux, Chrome OS, Android, and Android WebView)? >>>> >>>> Yes. >>>> >>>> Debuggability >>>> >>>> The certificate-related errors for WebTransport sessions are logged >>>> into the developer console. >>>> >>>> Measurement >>>> >>>> The use of this feature is tracked by the >>>> WebTransportServerCertificateHashes use counter. >>>> >>>> Risks >>>> >>>> Interoperability and Compatibility >>>> >>>> There is some discussion about adding a mechanism to prevent websites >>>> from using this feature via an HTTP header (either CSP or a new header). >>>> Some of the proposals could potentially break existing usage under certain >>>> conditions (e.g. if a webpage both uses serverCertificateHashes and has a >>>> connect-src directive, and we decide to extend connect-src); I expect for >>>> those cases to be sufficiently niche to ultimately not be a problem, and >>>> the question itself is of fairly low priority as there does not seem to be >>>> a strong security reason for a website to restrict serverCertificateHashes. >>>> >>> >>> Are you planning to file a separate intent once those plans materialize? >>> >>> >>>> >>>> Gecko: worth prototyping >>>> <https://github.com/mozilla/standards-positions/issues/167#issuecomment-1015951396> >>>> >>>> WebKit: no signal >>>> <https://lists.webkit.org/pipermail/webkit-dev/2021-September/031980.html> >>>> >>>> Web / Framework developers: positive (we have received indication in >>>> the past that serverCertificateHashes is a blocker for migrating from >>>> WebRTC at least one of them) >>>> >>>> Ergonomics >>>> >>>> The API is roughly modeled after a similar WebRTC API >>>> (RtcDtlsFingerprint), with a noted improvement that the certificate hash no >>>> longer requires to be serialized into a specific format. >>>> >>>> Activation >>>> >>>> Using this feature would require web developers to design their >>>> application in a way that supports generating and distributing ephemeral >>>> certificates on demand. >>>> >>>> Security >>>> >>>> Security considerations for this feature are discussed at length in PR >>>> #375 >>>> <https://pr-preview.s3.amazonaws.com/vasilvv/web-transport/pull/375.html#certificate-hashes> >>>> . >>>> >>>> Is this feature fully tested by web-platform-tests >>>> <https://chromium.googlesource.com/chromium/src/+/master/docs/testing/web_platform_tests.md>? >>>> Link to test suite results from wpt.fyi. >>>> >>>> WebTransport itself is tested by web-platform-tests; this specific >>>> feature requires infra support that is currently not available (issue >>>> <https://github.com/web-platform-tests/wpt/issues/32463>). >>>> >>>> Entry on the feature dashboard <http://www.chromestatus.com/> >>>> >>>> https://chromestatus.com/feature/5690646332440576 >>>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "blink-dev" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to blink-dev+unsubscr...@chromium.org. >>> To view this discussion on the web visit >>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/2a591c7e-ef31-4015-8b34-256e12bcfce3n%40chromium.org >>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/2a591c7e-ef31-4015-8b34-256e12bcfce3n%40chromium.org?utm_medium=email&utm_source=footer> >>> . >>> >> -- > You received this message because you are subscribed to the Google Groups > "blink-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to blink-dev+unsubscr...@chromium.org. > To view this discussion on the web visit > https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAAZdMaetk7JoQ-gOmhcPKgRh2uo%2BnKNeG%3DYOF%3Dnrat0YVPUgBQ%40mail.gmail.com > <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAAZdMaetk7JoQ-gOmhcPKgRh2uo%2BnKNeG%3DYOF%3Dnrat0YVPUgBQ%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > > -- > You received this message because you are subscribed to the Google Groups > "blink-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to blink-dev+unsubscr...@chromium.org. > To view this discussion on the web visit > https://groups.google.com/a/chromium.org/d/msgid/blink-dev/546df1df-f975-85d1-ff9b-b59eadeab4a8%40gmail.com > <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/546df1df-f975-85d1-ff9b-b59eadeab4a8%40gmail.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAJUhtG9DD%3DkaNAPHj3z_pJ9%3Dp-6bfYqHzUtib-%2BOQqNhhT3tDg%40mail.gmail.com.
