(See http://www.chromium.org/blink#launch-process for an overview)
Change description:
The TLS protocol provides several extension "joints" which we exercise on occasion to add new features. These typically are lists of opaque 16-bit code points (such as cipher suites) that the client offers and the server selects. For these extension points to work, servers must correctly ignore unknown values.
However, bugs may cause a server to reject unknown values. These broken servers will interoperate with existing clients, so the mistake may spread through the ecosystem unnoticed. Later, when new values are defined, updated clients will discover that the joint has rusted shut and that the new values cannot be deployed without interoperability failures.
(For those more familiar with HTTP or JS, imagine if sites broke on unexpected HTTP headers or JS attributes and we didn’t add new ones often enough to prevent this.)
GREASE (Generate Random Extensions And Sustain Extensibility) is a proposal to reserve some currently unused values for clients to advertise at random. Correct server implementations will ignore these values and interoperate. Servers that do not tolerate unknown values will fail to interoperate with existing clients, revealing the mistake before it is widespread.
We intend to apply GREASE to TLS cipher suites, extensions, and ECDH curves, hopefully expanding to other fields in the future.
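The mechanism described above, as an added example in Python (not code from this launch entry or from Chromium): the client offers one reserved GREASE cipher suite alongside its real ones, a tolerant server ignores it while a strict server breaks, and the client refuses a negotiated GREASE value. The 0x?A?A reserved pattern is the one from the draft; the three real cipher suite code points are used only as sample input.

```python
import random
import struct

# GREASE code points from draft-davidben-tls-grease-01: every value of the
# form 0x?A?A with both bytes equal (0x0A0A, 0x1A1A, ..., 0xFAFA).
GREASE_VALUES = [0x0A0A + 0x1010 * i for i in range(16)]

# Real cipher suite code points, used here only as sample input.
TLS_AES_128_GCM_SHA256 = 0x1301
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0xC02F
TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F


def is_grease(value):
    """True for any reserved GREASE code point: both bytes 0x?A and equal."""
    return value & 0x0F0F == 0x0A0A and (value >> 8) == (value & 0xFF)


def grease_client_hello(real_suites, rng=random):
    """Client side: offer one randomly chosen GREASE suite ahead of the real ones."""
    return [rng.choice(GREASE_VALUES)] + list(real_suites)


def encode_cipher_suites(suites):
    """Wire form of the ClientHello cipher_suites field: uint16 byte length, then uint16 entries."""
    body = b"".join(struct.pack("!H", s) for s in suites)
    return struct.pack("!H", len(body)) + body


def decode_cipher_suites(data):
    """Inverse of encode_cipher_suites; returns the offered code points in order."""
    (length,) = struct.unpack("!H", data[:2])
    return [struct.unpack("!H", data[2 + i:4 + i])[0] for i in range(0, length, 2)]


def tolerant_select(offered, server_prefs):
    """Correct server: unknown values (GREASE included) are simply skipped."""
    offered = set(offered)
    for suite in server_prefs:  # server preference order
        if suite in offered:
            return suite
    return None


def strict_select(offered, server_prefs):
    """Broken server: rejects the whole ClientHello if any offered value is unknown."""
    for suite in offered:
        if suite not in server_prefs:
            raise ValueError("unknown cipher suite 0x%04X" % suite)
    return tolerant_select(offered, server_prefs)


def client_accept_selection(selected):
    """Client check from the draft: a reserved GREASE value must never be negotiated."""
    if selected is None or is_grease(selected):
        raise ValueError("server selected a reserved or unsupported value; abort handshake")
    return selected
```

Feeding a greased ClientHello to `strict_select` fails on every connection, which is exactly how GREASE surfaces a server that does not ignore unknown values before real new code points depend on it.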
Changes to API surface:
(none)
Links:
Public standards discussion: https://tools.ietf.org/html/draft-davidben-tls-grease-01
Support in other browsers:
Internet Explorer:
Firefox:
Safari:
Comment 1 by awhalley@chromium.org, Oct 12 2016