Contact emailsdadr...@google.com Explainer https://www.ietf.org/archive/id/draft-tls-westerbaan-xyber768d00-02.html
Specification https://www.ietf.org/archive/id/draft-tls-westerbaan-xyber768d00-02.html Summary Protect current Chrome TLS traffic against future quantum cryptanalysis by deploying the Kyber768 quantum-resistant key agreement algorithm. This is a hybrid X25519 + Kyber768 key agreement based on an IETF standard. This specification and launch is outside the scope of W3C. This key agreement will be launched as a TLS cipher, and should be transparent to users. https://blog.chromium.org/2023/08/protecting-chrome-traffic-with-hybrid.html Blink componentInternals>Network>SSL <https://bugs.chromium.org/p/chromium/issues/list?q=component:Internals%3ENetwork%3ESSL> Search tagstls <https://chromestatus.com/features#tags:tls>, kem <https://chromestatus.com/features#tags:kem>, kyber <https://chromestatus.com/features#tags:kyber>, postquantum <https://chromestatus.com/features#tags:postquantum> TAG review TAG review statusPending Risks Interoperability and Compatibility Post-quantum secure ciphers are larger than classical ciphers. This may cause compatibility issues with middleboxes. *Gecko*: No signal ( https://github.com/mozilla/standards-positions/issues/874) Firefox is also in the process of rolling this out. *WebKit*: No signal ( https://github.com/WebKit/standards-positions/issues/244) *Web developers*: No signals *Other signals*: WebView application risks Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications? Goals for experimentation This is a Finch experiment, not site opt-in. We are aiming to shake out bugs and incompatibilities with buggy TLS stacks that do not correctly handle large TLS ClientHellos. Announcing a public timeline for experimenting on stable provides the necessary justification for teams at companies who have buggy TLS stacks to prioritize fixing the bugs. Ongoing technical constraints Debuggability Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?Yes Is this feature fully tested by web-platform-tests <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> ?No Flag name on chrome://flagsenable-tls13-kyber Finch feature namePostQuantumKyber Requires code in //chrome?False Tracking bughttps://bugs.chromium.org/p/chromium/issues/detail?id=1442377 Launch bughttps://launch.corp.google.com/launch/4252981 Estimated milestones Shipping on desktop 119 OriginTrial desktop last 118 OriginTrial desktop first 117 DevTrial on desktop 115 Shipping on Android 119 OriginTrial Android last 118 OriginTrial Android first 117 DevTrial on Android 115 Shipping on WebView 119 Link to entry on the Chrome Platform Status https://chromestatus.com/feature/5257822742249472 Links to previous Intent discussionsIntent to prototype: https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAGkh42%2BgKeCTA6vWwzrE%3DDVR%3DTmQaCyDFQxqnXkOy9GcVyGtnA%40mail.gmail.com This intent message was generated by Chrome Platform Status <https://chromestatus.com/>. -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAGkh42%2B37SpGUy9t6bBkP13XQL4mrEaY%2Bu0wAzttjZyr_f2rGA%40mail.gmail.com.
