Re: Issue 378: `getRemoteCertificates()` is ill-defined from Martin Thomson on 2015-11-09 (public-webrtc@w3.org from November 2015)

From: Martin Thomson <martin.thomson@gmail.com>
Date: Sun, 8 Nov 2015 22:21:31 -0800
To: Philipp Hancke <fippo@andyet.net>
Cc: Eric Rescorla <ekr@rtfm.com>, Bernard Aboba <Bernard.Aboba@microsoft.com>, "public-webrtc@w3.org" <public-webrtc@w3.org>
Message-ID: <CABkgnnWMSHcBrniStnLL8nfHCB=9n2ixyihLbBm=jZ6hvFZpSg@mail.gmail.com>

On 8 November 2015 at 21:57, Philipp Hancke <fippo@andyet.net> wrote:
> Then what is
> http://w3c.github.io/webrtc-stats/#widl-RTCCertificateStats-issuerCertificateId
> for? It seems to allow traversing the chain in stats. Which will allow the
> application to determine at what level the certificate is trusted.

That would seem to be in support of a fundamentally different model
for authentication.  Has anyone actually proposed that model?

Received on Monday, 9 November 2015 06:21:59 UTC