- From: <bugzilla@jessica.w3.org>
- Date: Tue, 30 Apr 2013 17:36:50 +0000
- To: public-webrtc@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=21879
Bug ID: 21879
Summary: Unable to access certificate information in the API
Classification: Unclassified
Product: WebRTC Working Group
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P2
Component: WebRTC API
Assignee: public-webrtc@w3.org
Reporter: martin.thomson@skype.net
CC: public-webrtc@w3.org
The identity of the peer for an RTCPeerConnection is valuable information.
Current work concentrates on the mechanisms for authenticating this peer and
presenting identification information on browser chrome. No API surface is
provided for inspecting the certificate presented by the peer. No API surface
is provided for inspecting the certificate that will be presented to the peer.
Providing access to certificates allows an application to make in-content
assertions about the peer identity, as well as provide additional checks. For
instance, an application might be unable to use peer identity, but can provide
their own assurances about peer identity.
In terms of what information is provided, this doesn't need to be robust. I
don't know what the WebCrypto group has done so far on this, but taking
advantage of any API defined there is probably sensible. At a minimum, this
should provide access to the CN, DER-encoded certificate and a couple of
certificate fingerprints (SHA-1 and SHA-256 probably).
--
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.
Received on Tuesday, 30 April 2013 17:36:51 UTC