Re: Thoughts on MTI stats

Am 19.12.2016 um 17:52 schrieb Cullen Jennings (fluffy):
>
> I like the list of MTI stats in the editor draft that is coming out today but two things come to mind which would be nice to have as MTI.
>
> I'd like to be able to know what crypto the DTLS is using - some future browser will negotiate stuff that is INHO less secure than what the IETF specified and I'd like my javascript to be able to see that.

Chrome actually has those stats in their "legacy" stats (dtlsCipher on 
googComponent). I find them curious but I can see how you use them to 
weed out bad crypto.

 From what I can see there (without splitting it up further between 
browser version and or/peer:

   percentage  |                dtlsciphersuite
--------------+-----------------------------------------------
  59           | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  21           | TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
   6           | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
   5           | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
   4           | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
   1           | TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
   1           | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
and things below 1%.

If that violates anyones expectations about "strong crypto" I can try 
splitting it up by local version and remote browser type.

Received on Monday, 19 December 2016 21:08:58 UTC