- From: Martin Thomson via GitHub <sysbot+gh@w3.org>
- Date: Mon, 04 Nov 2019 23:39:29 +0000
- To: public-webrtc-logs@w3.org
My bad, I had the wrong hat on. 'll try again. There are two piece of information here that we might care about: the certificate and a private key. The certificate is harmless (in fact, it's intended to be public), so we don't really care about that leaking out any more than we care about arbitrary data on sites - it's bad, but it's not a particularly valuable secret. The private key is what we might want to concern ourselves with. The requirement is that the private key is only usable by the origin that minted it. The value should be protected from reading, from ALL web content, including that origin. In practice, the object in question likely only holds a handle to the secret. Furthermore, the value is generally only used in cryptographic functions that are generally implemented with special attention paid to the potential for side-channels. Those operations might occur in other processes. @nils-ohlmeier might be able to say how gecko is currently managing WebRTC connections, but I understand that there are plans to move connection establishment out of the content process, which would make these private keys safe from Spectres, Ghosts, Banshees, and the other creatures that haunt the web. Other engines might need to consider this also. -- GitHub Notification of comment by martinthomson Please view or discuss this issue at https://github.com/w3c/webrtc-pc/issues/2343#issuecomment-549596984 using your GitHub account
Received on Monday, 4 November 2019 23:39:30 UTC