Re: Question about time to generate certs

On 9/6/15 11:52 AM, Harald Alvestrand wrote:
> What would you recommend as the best explanation of what the "identity"
> asserted by an ephemeral cert "means"?

For the "stable identity" situation Martin mentions, it's functionally 
equivalent to the certs used by SSH.

> I had a discussion with a colleague the other day about this - as far as
> I can tell, an ephemeral cert signed by no trusted party can be used for
> reassurance that the signalling channel and the media channel have
> either not been MITMed or that they have both been MITMed by the same
> attacker.

For an unsigned, one-time-use (or first-time-use) cert, that's my 
understanding. This is why the identity portion of the spec is so 
important, both for being complete and well-defined in the 1.0 spec, and 
for being implemented in WebRTC-supporting browsers.

/a

Received on Sunday, 6 September 2015 17:27:44 UTC
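
The property discussed in this thread, as an added example that is not part of the original message: the endpoint compares the certificate presented on the media channel with the `a=fingerprint` value carried in the signalling (SDP). The check catches a media-only MITM but passes when the same attacker controls both channels. The certificate bytes, the minimal SDP, and the names Alice and Mallory are constructed for illustration.

```python
import hashlib

def fingerprint(cert_der: bytes) -> str:
    """SHA-256 of the certificate, in the colon-separated hex form used in SDP."""
    digest = hashlib.sha256(cert_der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def sdp_fingerprints(sdp: str) -> set:
    """Collect the sha-256 values from every a=fingerprint line in the SDP."""
    found = set()
    for line in sdp.splitlines():
        line = line.strip()
        if not line.lower().startswith("a=fingerprint:"):
            continue
        parts = line.split(":", 1)[1].split()
        if len(parts) == 2 and parts[0].lower() == "sha-256":
            found.add(parts[1].upper())
    return found

def media_matches_signalling(sdp: str, presented_cert_der: bytes) -> bool:
    """True if the cert seen in the media-channel handshake was announced in signalling."""
    return fingerprint(presented_cert_der) in sdp_fingerprints(sdp)

def make_offer(cert_der: bytes) -> str:
    """Minimal constructed SDP carrying the fingerprint of the given certificate."""
    return "\r\n".join([
        "v=0",
        "m=application 9 UDP/DTLS/SCTP webrtc-datachannel",
        "a=setup:actpass",
        "a=fingerprint:sha-256 " + fingerprint(cert_der),
    ]) + "\r\n"

# Constructed stand-ins for DER-encoded ephemeral certificates (not real certs).
ALICE_CERT = b"constructed stand-in for Alice's DER certificate"
MALLORY_CERT = b"constructed stand-in for Mallory's DER certificate"

def scenarios() -> dict:
    offer = make_offer(ALICE_CERT)           # what Alice sent over signalling
    forged_offer = make_offer(MALLORY_CERT)  # signalling rewritten in transit
    return {
        "no_mitm": media_matches_signalling(offer, ALICE_CERT),
        "media_only_mitm": media_matches_signalling(offer, MALLORY_CERT),
        "both_channels_mitm": media_matches_signalling(forged_offer, MALLORY_CERT),
    }

if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name}: fingerprint check {'passes' if ok else 'fails'}")
```

The third scenario passing is the gap the message refers to: without an identity assertion covering the fingerprint, the check only ties the two channels to each other, not to a named peer.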