[w3c/ServiceWorker] What to do when an installed service worker's certificate changes/expires (#1523)

What happens when on an update check, the service worker's certificate has expired or changed?

Currently Chrome doesn't update the certificate, and the certificate is used to populate the certificate info in the omnibox. So when you visit the site and click the padlock, you see the old certificate.

Proposal:
- If the new certificate is invalid/expired, update aborts as if it got a network error. No uninstallation etc.
- If the byte-to-byte comparison is the same, update aborts. However, we'll replace the certificate info of the existing service worker with the new certificate info.
- If the byte-to-byte comparison is the different, the update check goes on normally. The new service worker will have the new certificate info. The incumbent service worker will go on using the old certificate until it is evicted. (Which means if the update fails due to syntax error etc, we continue using the old cert until update succeeds or byte-to-byte is the same.)

Chromium bug: https://bugs.chromium.org/p/chromium/issues/detail?id=1103551

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/ServiceWorker/issues/1523

Received on Thursday, 9 July 2020 06:54:40 UTC