- From: Martin Thomson via GitHub <sysbot+gh@w3.org>
- Date: Wed, 17 Oct 2018 00:50:08 +0000
- To: public-webrtc-logs@w3.org
Certificates are suboptimal, yes, because they are used as glorified contains for public keys. Using PSK would be a terrible idea for the same reason we don't use security descriptions: it makes impersonation by entities with access to signaling trivial. I think you really want to ask for is raw public keys (RFC 7250). The reason we don't use those is that they aren't very widely implemented in stacks, which makes deployment tricky. I'm not opposed to someone working out how to signal use of raw public keys in SDP, but it's a non-trivial part to deploying something like that. Motivating the change isn't that simple because certificate overheads aren't that terrible in practice. DTLS 1.3 should fix the handshake latency problems without the associated compatibility risk. -- GitHub Notification of comment by martinthomson Please view or discuss this issue at https://github.com/w3c/webrtc-pc/issues/2007#issuecomment-430450773 using your GitHub account
Received on Wednesday, 17 October 2018 00:50:09 UTC