Re: [webrtc-pc] Allow to import existing certificate from Martin Thomson via GitHub on 2018-05-01 (public-webrtc-logs@w3.org from May 2018)

From: Martin Thomson via GitHub <sysbot+gh@w3.org>
Date: Tue, 01 May 2018 05:19:56 +0000
To: public-webrtc-logs@w3.org
Message-ID: <issue_comment.created-385601728-1525151995-sysbot+gh@w3.org>

If a site can install a private key and certificate on two different browsers, then that implies two things:

1. the site has access to the private key - the site can impersonate the browser
2. both browsers have access to the private key - each browser can impersonate the other

In particular, the latter means that an identity assertion obtained by one user can be used by a completely different user.

-- 
GitHub Notification of comment by martinthomson
Please view or discuss this issue at https://github.com/w3c/webrtc-pc/issues/1853#issuecomment-385601728 using your GitHub account

Received on Tuesday, 1 May 2018 05:20:10 UTC