Open Bug 1491583 Opened 7 years ago Updated 3 years ago

Can we remove the SRTP_AES128_CM_HMAC_SHA1_32 cipher

Categories

(Core :: WebRTC: Networking, enhancement, P3)

Product:
Core
Component:
WebRTC: Networking
Type:
enhancement

Tracking

()

People

(Reporter: drno, Unassigned)

References

Details

We want to figure out when we can remove the SRTP_AES128_CM_HMAC_SHA1_32 from Firefox SRTP inside WebRTC.
Preliminary data after 13 days https://telemetry.mozilla.org/new-pipeline/dist.html#!cumulative=0&end_date=2018-10-02&include_spill=0&keys=__none__!__none__!__none__&max_channel_version=nightly%252F64&measure=WEBRTC_SRTP_CIPHER&min_channel_version=nightly%252F57&processType=*&product=Firefox&sanitize=0&sort_keys=submissions&start_date=2018-09-20&table=0&trim=1&use_submission_date=0 Surprising 3% use of SRTP_AES128_CM_HMAC_SHA1_32 in the Nightly channel. Lets wait how this evolves in the Beta channel, but so far it doesn't look like we can remove this without causing interop issues.
Well, maybe. The problem is the other side might support 80 bit MACs but prefer 32. Not sure how to measure that, though
We could record new telemetry that splits by role: as a server, we won't pick 32.
We could, but that just tells us who prefers 32, not who would fail if we did not offer it.
Depends on: 1510898

(In reply to Eric Rescorla (:ekr) from comment #2)

Well, maybe. The problem is the other side might support 80 bit MACs but
prefer 32. Not sure how to measure that, though

I found that Facebook Messenger does exactly that, but only in one direction.

With SHA1_32 being well below 1% for quite some time now https://mzl.la/3MnDehl it might be time to finally remove this.

Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.