- From: Soares Chen via GitHub <sysbot+gh@w3.org>
- Date: Tue, 25 Jul 2017 03:30:37 +0000
- To: public-webrtc-logs@w3.org
Oops, I missed rtcweb-security-arch _section 5.6.4. Binding Identity Assertions to JSEP Offer/Answer Transactions_ which specifies the format of `contents`, which caused the entire misunderstanding.
In that case I just need one clarification: Is reordering or reformatting of the fingerprints in `content` allowed? For example:
```javascript
const contents1 = `{
"fingerprint": [ {
"algorithm": "sha-256",
"digest": "4A:AD:B9:B1:3F:...:E5:7C:AB"
}, {
"algorithm": "sha-1",
"digest": "74:E9:76:C8:19:...:F4:45:6B"
} ]
}`
// Reformatting and reordering of contents1
const contents2 = `{
"fingerprint": [
{ "algorithm": "sha-1", "digest": "74:E9:76:C8:19:...:F4:45:6B" },
{ "algorithm": "sha-256", "digest": "4A:AD:B9:B1:3F:...:E5:7C:AB" }
]
}`
```
If on peer1's `generateAssertion()` receives `contents1` and peer2's `validateAssertion()` returns `contents2`, is that valid? Section 9.4.8. in webrtc-pc allows it, although everywhere else says `validateAssertion()` MUST return the original `contents1` string.
--
GitHub Notification of comment by soareschen
Please view or discuss this issue at https://github.com/w3c/webrtc-pc/issues/1505#issuecomment-317618715 using your GitHub account
Received on Tuesday, 25 July 2017 03:30:37 UTC