W3C home > Mailing lists > Public > public-webrtc@w3.org > January 2015

Re: WebRTC Certificate Management - a plea to NOT use Web Crypto

From: Martin Thomson <martin.thomson@gmail.com>
Date: Thu, 8 Jan 2015 08:57:41 -0800
Message-ID: <CABkgnnVDb32+9CgzXO4Fe6Y8QNqoBUNfK1KKMz7pBzWJkPJ-WA@mail.gmail.com>
To: Harald Alvestrand <harald@alvestrand.no>
Cc: "public-webrtc@w3.org" <public-webrtc@w3.org>
On 7 January 2015 at 23:14, Harald Alvestrand <harald@alvestrand.no> wrote:
>> As I understand it, we probably wouldn't want to call it a key in that
>> case.  "credentials" might be closer to what Ryan is suggesting.
> Note - I think the concept of identity is somewhat orthogonal to the
> keys question.

The point here is to provide a point of control whereby applications
can influence linkability (in both directions) based on the material
they present at the TLS layer.  No more than that.  The keying
material used is the only relevant piece in this context.  How that
subsequently binds to identity is absolutely separate (and obviously
linkability can occur at that point too).

That is why I am - at least in part - confused by the objection to the
idea that this is keying material.  I do understand that the overlap
between this and WebCrypto keys could make it a bad fit in the eyes of
some.  I still don't see why so much spittle is being expelled over it
Received on Thursday, 8 January 2015 16:58:16 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:18:03 UTC