- From: Soares Chen via GitHub <sysbot+gh@w3.org>
- Date: Tue, 25 Jul 2017 03:30:37 +0000
- To: public-webrtc-logs@w3.org
Oops, I missed rtcweb-security-arch _section 5.6.4. Binding Identity Assertions to JSEP Offer/Answer Transactions_ which specifies the format of `contents`, which caused the entire misunderstanding. In that case I just need one clarification: Is reordering or reformatting of the fingerprints in `content` allowed? For example: ```javascript const contents1 = `{ "fingerprint": [ { "algorithm": "sha-256", "digest": "4A:AD:B9:B1:3F:...:E5:7C:AB" }, { "algorithm": "sha-1", "digest": "74:E9:76:C8:19:...:F4:45:6B" } ] }` // Reformatting and reordering of contents1 const contents2 = `{ "fingerprint": [ { "algorithm": "sha-1", "digest": "74:E9:76:C8:19:...:F4:45:6B" }, { "algorithm": "sha-256", "digest": "4A:AD:B9:B1:3F:...:E5:7C:AB" } ] }` ``` If on peer1's `generateAssertion()` receives `contents1` and peer2's `validateAssertion()` returns `contents2`, is that valid? Section 9.4.8. in webrtc-pc allows it, although everywhere else says `validateAssertion()` MUST return the original `contents1` string. -- GitHub Notification of comment by soareschen Please view or discuss this issue at https://github.com/w3c/webrtc-pc/issues/1505#issuecomment-317618715 using your GitHub account
Received on Tuesday, 25 July 2017 03:30:37 UTC