Re: [webrtc-pc] either full check certs or explain why it's not necessary (4.4.1.1 Constructor) from Martin Thomson via GitHub on 2018-03-17 (public-webrtc-logs@w3.org from March 2018)

From: Martin Thomson via GitHub <sysbot+gh@w3.org>
Date: Sat, 17 Mar 2018 15:02:02 +0000
To: public-webrtc-logs@w3.org
Message-ID: <issue_comment.created-373926648-1521298921-sysbot+gh@w3.org>

These are not domain PKI certificates.  Though we use certificates, they are glorified holders of public keys.  Trust is anchored in the signaling.

The explanation for why checking isn't needed is a few levels of indirection away (in draft-ietf-rtcweb-security-arch, or further).  So no objection to someone adding an explanation here.

-- 
GitHub Notification of comment by martinthomson
Please view or discuss this issue at https://github.com/w3c/webrtc-pc/issues/1808#issuecomment-373926648 using your GitHub account

Received on Saturday, 17 March 2018 15:02:07 UTC