W3C home > Mailing lists > Public > public-webrtc@w3.org > November 2015

Re: Issue 378: `getRemoteCertificates()` is ill-defined

From: Tim Panton new <thp@westhawk.co.uk>
Date: Mon, 9 Nov 2015 08:57:02 +0000
Cc: Philipp Hancke <fippo@andyet.net>, Eric Rescorla <ekr@rtfm.com>, Bernard Aboba <Bernard.Aboba@microsoft.com>, "public-webrtc@w3.org" <public-webrtc@w3.org>
Message-Id: <11EFDF9F-ABED-42D7-A38E-56B90B99B9ED@westhawk.co.uk>
To: Martin Thomson <martin.thomson@gmail.com>

> On 9 Nov 2015, at 06:21, Martin Thomson <martin.thomson@gmail.com> wrote:
> On 8 November 2015 at 21:57, Philipp Hancke <fippo@andyet.net> wrote:
>> Then what is
>> http://w3c.github.io/webrtc-stats/#widl-RTCCertificateStats-issuerCertificateId
>> for? It seems to allow traversing the chain in stats. Which will allow the
>> application to determine at what level the certificate is trusted.
> That would seem to be in support of a fundamentally different model
> for authentication.  Has anyone actually proposed that model?

I may have mentioned something related. 
The idea was to be able to check how the cert associated with the media 
was related to that associated with the page. 
The only place I could see this being useful was when calling into a 
callcenter gateway - say from a banking web page -  the fact that the 
DTLS cert matched (in some undefined way) the TLS one might be
used to give the caller reassurance that the speaker did represent the bank.

I’m certainly in favour of having the remote cert accessible in some form or other to the JS -
there are interesting UX things one could do with it - like display the logo field for example.

Received on Monday, 9 November 2015 08:57:37 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:18:10 UTC