W3C home > Mailing lists > Public > public-webrtc-logs@w3.org > April 2018

Re: [webrtc-pc] Allow to import existing certificate

From: Ariel Tubaltsev via GitHub <sysbot+gh@w3.org>
Date: Thu, 26 Apr 2018 17:07:23 +0000
To: public-webrtc-logs@w3.org
Message-ID: <issue_comment.created-384717040-1524762442-sysbot+gh@w3.org>
@martinthomson Sure. Let's say for signalling, I want to use websockets, in secure mode + authenticating client's certificate. To setup such communication I need to issue CA-signed certificates and let CA be known both to server and browser.

Now, let's say for WebRTC channels, I want to pin certificates. Since I already have one certificate, CA-issused, I'd like to use that, to authenticate the same entity, rather than generate a new one.

I understand the argument that certificates should be managed outside of the in-browser code, like websockets do, but since we already have an ability to generate it with RTCPeerConnection API, not sure why it would be much worse to allow to import it.



-- 
GitHub Notification of comment by arielt
Please view or discuss this issue at https://github.com/w3c/webrtc-pc/issues/1853#issuecomment-384717040 using your GitHub account
Received on Thursday, 26 April 2018 17:07:26 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:22:01 UTC