
[webrtc-pc] Use PSK key exchange in DTLS transport instead of certificates

From: Dmitriy Tsvettsikh via GitHub <sysbot+gh@w3.org>
Date: Wed, 17 Oct 2018 00:20:43 +0000
To: public-webrtc-logs@w3.org
Message-ID: <issues.opened-370849405-1539735642-sysbot+gh@w3.org>
reklatsmasters has just created a new issue for https://github.com/w3c/webrtc-pc:

== Use PSK key exchange in DTLS transport instead of certificates ==
If I understand correctly, the way to establish a secure connection is:

* generate self-signed certificate with ECDSA key
* share certificate fingerprint through existing secure channel inside SDP
* check certificates in dtls handshake process

I think certificates are a complex and absolutely unneeded part of WebRTC. The `PSK` key exchange is much easier and does the same things. The ideal cipher suite to use in WebRTC is [RFC8442](https://tools.ietf.org/html/rfc8442), which provides Perfect Forward Secrecy (ECDHE_PSK) and modern ciphers (AEAD).

Besides, the `PSK` key exchange makes the DTLS handshake faster, see [RFC4279](https://tools.ietf.org/html/rfc4279#section-2):

> The Certificate and CertificateRequest payloads are omitted from the response.<...> If no hint is provided, the ServerKeyExchange message is omitted.

Please view or discuss this issue at https://github.com/w3c/webrtc-pc/issues/2007 using your GitHub account
Received on Wednesday, 17 October 2018 00:20:44 UTC
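
The fingerprint check from the three steps listed in the issue, as an added example that is not part of the original message or of any WebRTC implementation: the certificate presented in the DTLS handshake is hashed and compared with the `a=fingerprint` value carried in the SDP. The function names, the sample SDP and the stand-in certificate bytes are constructed for illustration, and accepting only SHA-2 hash names is a choice of this example.

```python
import hashlib
import hmac

# Hash names as written in a=fingerprint lines, mapped to hashlib names.
# Accepting only SHA-2 is an assumption of this example.
HASHES = {"sha-256": "sha256", "sha-384": "sha384", "sha-512": "sha512"}

def sdp_fingerprints(sdp):
    """Return [(hash_name, digest_bytes)] for every a=fingerprint line."""
    found = []
    for line in sdp.splitlines():
        line = line.strip()
        if not line.lower().startswith("a=fingerprint:"):
            continue
        try:
            name, hexval = line.split(":", 1)[1].split(None, 1)
            digest = bytes.fromhex(hexval.strip().replace(":", ""))
        except ValueError:
            continue  # malformed line: skip it, never count it as a match
        found.append((name.lower(), digest))
    return found

def format_fingerprint(cert_der, name="sha-256"):
    """Render a digest as 'sha-256 AB:CD:...' (upper-case hex, colon-separated)."""
    digest = hashlib.new(HASHES[name], cert_der).hexdigest().upper()
    return name + " " + ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def cert_matches_sdp(cert_der, sdp):
    """True if the certificate seen in the DTLS handshake matches the SDP."""
    ok = False
    for name, expected in sdp_fingerprints(sdp):
        algo = HASHES.get(name)
        if algo is None:
            continue  # unknown or unaccepted hash: cannot authenticate with it
        actual = hashlib.new(algo, cert_der).digest()
        if hmac.compare_digest(actual, expected):
            ok = True
    return ok

# Constructed sample input. The fingerprint is a hash over the certificate's
# DER bytes, so stand-in byte strings are enough to exercise the check.
OFFERED_CERT = b"constructed stand-in for the offerer's DER certificate"
OTHER_CERT = b"constructed stand-in for a different certificate"
SAMPLE_SDP = "\r\n".join([
    "v=0", "o=- 0 0 IN IP4 127.0.0.1", "s=-", "t=0 0",
    "a=fingerprint:" + format_fingerprint(OFFERED_CERT),
    "m=application 9 UDP/DTLS/SCTP webrtc-datachannel", "a=setup:actpass",
]) + "\r\n"

if __name__ == "__main__":
    print("offered certificate accepted:", cert_matches_sdp(OFFERED_CERT, SAMPLE_SDP))
    print("other certificate accepted:  ", cert_matches_sdp(OTHER_CERT, SAMPLE_SDP))
```
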
