Re: WebRTC Certificate Management - a plea to NOT use Web Crypto

Den 07. jan. 2015 19:18, skrev Martin Thomson:
> On 7 January 2015 at 10:16, Justin Uberti <juberti@google.com> wrote:
>> initial setup:
>> key = RTCGenerateKey();
>> serialize(key, storage);
>>
>> placing a call:
>> key = deserialize(storage);
>> pc = new RTCPeerConnection({dtlsKeys: key});
> 
> 
> As I understand it, we probably wouldn't want to call it a key in that
> case.  "credentials" might be closer to what Ryan is suggesting.
> 

Note - I think the concept of identity is somewhat orthogonal to the
keys question.

As I understand it, the common case is one of:

- Anonymous calling: the correspondent doesn't care who the other side
is, so no identification is needed.
- Identified calling: there's some chain of evidence linking the crypto
keys used for the call to some mutually-known identity (probably via an
identity provider).

In both cases, the actual crypto keys used can change between calls, and
the implementations so far have simply generated them anew for each call.

The two arguments I have heard for key persistence are:

- Supporting continuity of identity for the anonymous case. The most
compelling case (as I see it) here is page reload; one would want to
re-establish a connection on page reload without giving an attacker the
opportunity to insert itself, even when the call is anonymous.

- Avoiding key material generation, which can be expensive for
limited-power devices.

Which cases did I miss?

Received on Thursday, 8 January 2015 07:14:29 UTC