This is correct, but I'm not seeing an issue here. Yes, one origin can produce an assertion that is validated by a different origin. Yes, the browser that is used to produce an assertion doesn't validate that assertion (it's not the relying party). This might sound like a problem, but it isn't. You can read about why if you dig into SIGMA, and draft-ietf-mmusic-sdp-uks contains a more direct description of the problems that arise from this (and defenses you need). -- GitHub Notification of comment by martinthomson Please view or discuss this issue at https://github.com/w3c/webrtc-pc/issues/1506#issuecomment-398288188 using your GitHub accountReceived on Tuesday, 19 June 2018 06:26:11 UTC
This archive was generated by hypermail 2.4.0 : Saturday, 6 May 2023 21:19:44 UTC