Re: [webrtc-pc] Allow to import existing certificate

From: Martin Thomson via GitHub <sysbot+gh@w3.org>
Date: Mon, 30 Apr 2018 03:04:24 +0000
To: public-webrtc-logs@w3.org
Message-ID: <issue_comment.created-385305455-1525057463-sysbot+gh@w3.org>

Firefox also supports persisting of certificates (and their corresponding keys).

@aboba, I don't think that this would necessarily need validation, though it certainly suggests that it would have value.  If we were to do anything here, I'd suggest that it be to support signing of certificates by a CA.  That's a pretty cumbersome process that involves exporting a PKCS#10 CSR and importing the signed certificate (including validation of the same). We'd need significant motivation to support even that.

As stated, this could be used to subvert the security mechanisms we have implemented.  It's not mere trouble as Tim suggests, but a full-blown undermining of our identity mechanism.  I would recommend closing this, then opening other issues to track the stated alternatives if those are still desirable.

-- 
GitHub Notification of comment by martinthomson
Please view or discuss this issue at https://github.com/w3c/webrtc-pc/issues/1853#issuecomment-385305455 using your GitHub account
Received on Monday, 30 April 2018 03:04:29 UTC