Re: [webrtc-pc] RTCCertificate security boundary (#2343)

For full certainty, you should probably ask @martinthomson - but my understanding is that the origin is used to provide what you might think of as a weak PKI - i.e. RTCCertificates can only be generated within a single origin - which ties them back to a given https certificate. They can only be used within the same origin. So a WebRTC peer receiving a P2P call with a certificate it has seen before can be reasonably certain that the peer's origin is the same as it was the previous times. If you add this to the fact that the RTCCertificate isn't movable, then the peer also knows that this is from the same user agent as before. These properties are useful in constructing an identity system.

In my view it is wrong to attempt to send an RTCCertificate to a different origin, so the error should be on the send side.  

-- 
GitHub Notification of comment by steely-glint
Please view or discuss this issue at https://github.com/w3c/webrtc-pc/issues/2343#issuecomment-548873979 using your GitHub account

Received on Friday, 1 November 2019 17:17:32 UTC
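
The "certificate it has seen before" check described in the comment above can be done on the receiving side by pinning the `a=fingerprint` values carried in the remote SDP. The following is an added example, not part of the original comment or of the webrtc-pc specification; `peerId`, the in-memory pin store, the strict matching policy and the sample SDP are assumptions made for illustration.

```javascript
// Added example: trust-on-first-use (TOFU) pinning of a peer's certificate fingerprint.
// peerId, the Map-based pin store and the sample SDP are constructed for illustration.

// Collect every a=fingerprint attribute (session- or media-level) from an SDP blob,
// normalised to "<hash-func> <UPPERCASE:HEX>" so comparison is case-insensitive.
function extractFingerprints(sdp) {
  const found = new Set();
  for (const line of sdp.split(/\r?\n/)) {
    const m = /^a=fingerprint:(\S+) ([0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2})+)\s*$/.exec(line);
    if (m) found.add(`${m[1].toLowerCase()} ${m[2].toUpperCase()}`);
  }
  return [...found];
}

// Returns "first-seen", "match", "mismatch" or "no-fingerprint".
// Strict policy (an assumption of this example): every fingerprint offered now
// must already be pinned, so an extra unknown fingerprint counts as a mismatch.
function checkPeer(pins, peerId, sdp) {
  const offered = extractFingerprints(sdp);
  if (offered.length === 0) return "no-fingerprint";
  const pinned = pins.get(peerId);
  if (!pinned) {
    pins.set(peerId, new Set(offered));
    return "first-seen";
  }
  return offered.every((fp) => pinned.has(fp)) ? "match" : "mismatch";
}

// Constructed sample data: 32-byte fingerprints made of one repeated byte.
const fakeFp = (byte) => Array(32).fill(byte).join(":");
const sampleSdp = (...fps) =>
  ["v=0", "o=- 1 2 IN IP4 127.0.0.1", "s=-", "t=0 0",
   ...fps.map((fp) => `a=fingerprint:sha-256 ${fp}`),
   "m=application 9 UDP/DTLS/SCTP webrtc-datachannel", ""].join("\r\n");

const pins = new Map();
console.log(checkPeer(pins, "alice", sampleSdp(fakeFp("AB"))));               // first contact
console.log(checkPeer(pins, "alice", sampleSdp(fakeFp("ab"))));               // same cert, lower-case hex
console.log(checkPeer(pins, "alice", sampleSdp(fakeFp("AB"), fakeFp("CD")))); // unknown cert added
```

A "match" only carries the meaning the comment describes if the sender persisted and reused its RTCCertificate; a fresh certificate generated per session always yields a new fingerprint.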