
Re: [webrtc-pc] Allow to import existing certificate

From: Martin Thomson via GitHub <sysbot+gh@w3.org>
Date: Tue, 01 May 2018 05:19:56 +0000
To: public-webrtc-logs@w3.org
Message-ID: <issue_comment.created-385601728-1525151995-sysbot+gh@w3.org>

If a site can install a private key and certificate on two different browsers, then that implies two things:

1. the site has access to the private key - the site can impersonate the browser
2. both browsers have access to the private key - each browser can impersonate the other

In particular, the latter means that an identity assertion obtained by one user can be used by a completely different user.

-- 
GitHub Notification of comment by martinthomson
Please view or discuss this issue at https://github.com/w3c/webrtc-pc/issues/1853#issuecomment-385601728 using your GitHub account
Received on Tuesday, 1 May 2018 05:20:10 UTC
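
The second point in the message above, modelled as an added example (not part of the original message or of the webrtc-pc specification): a relying peer accepts an identity assertion when the fingerprint it covers matches the session's `a=fingerprint`, so a certificate shared between browsers makes one user's assertion valid for another browser's session. Assumptions: an HMAC stands in for the IdP's signature, the certificate bytes and SDP are constructed, and all function names are hypothetical.

```python
import hashlib
import hmac
import json
import re

IDP_KEY = b"constructed-idp-secret"  # assumption: HMAC stands in for the IdP's signature


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 of the certificate, colon-separated as in an SDP a=fingerprint line."""
    h = hashlib.sha256(cert_der).hexdigest().upper()
    return ":".join(h[i:i + 2] for i in range(0, len(h), 2))


def _tag(identity: str, contents: str) -> str:
    """Keyed tag over identity and contents (stand-in for IdP signing/verification)."""
    return hmac.new(IDP_KEY, f"{identity}\0{contents}".encode(), hashlib.sha256).hexdigest()


def idp_issue(identity: str, cert_der: bytes) -> dict:
    """The IdP binds the authenticated user to the browser's certificate fingerprint."""
    contents = json.dumps(
        {"fingerprint": [{"algorithm": "sha-256", "digest": fingerprint(cert_der)}]})
    return {"identity": identity, "contents": contents, "tag": _tag(identity, contents)}


def sdp_for(cert_der: bytes) -> str:
    """Minimal constructed SDP carrying only the line the check reads."""
    return f"v=0\r\na=fingerprint:sha-256 {fingerprint(cert_der)}\r\n"


def peer_accepts(assertion: dict, sdp: str):
    """Relying-party check: returns the asserted identity, or None if rejected."""
    if not hmac.compare_digest(_tag(assertion["identity"], assertion["contents"]),
                               assertion["tag"]):
        return None
    in_sdp = re.search(r"^a=fingerprint:sha-256 (\S+)", sdp, re.M)
    asserted = {f["digest"] for f in json.loads(assertion["contents"])["fingerprint"]
                if f["algorithm"] == "sha-256"}
    return assertion["identity"] if in_sdp and in_sdp.group(1) in asserted else None


def replay(cert_alice: bytes, cert_other: bytes):
    """Alice's assertion, checked against a session offered by another browser."""
    return peer_accepts(idp_issue("alice@idp.example", cert_alice), sdp_for(cert_other))


if __name__ == "__main__":
    print(replay(b"constructed-cert-A", b"constructed-cert-B"))  # separate keys
    print(replay(b"constructed-shared", b"constructed-shared"))  # imported key
```

With per-browser certificates the assertion is rejected on the other browser's session; with the same imported certificate the peer cannot tell the two browsers apart.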
