Re: [webrtc-pc] Allow to import existing certificate

If a site can install a private key and certificate on two different browsers, then that implies two things:

1. the site has access to the private key - the site can impersonate the browser
2. both browsers have access to the private key - each browser can impersonate the other

In particular, the latter means that an identity assertion obtained by one user can be used by a completely different user.

GitHub Notification of comment by martinthomson
Please view or discuss this issue at using your GitHub account

Received on Tuesday, 1 May 2018 05:20:10 UTC