Re: Question about time to generate certs

From: Adam Roach <adam@nostrum.com>
Date: Sun, 6 Sep 2015 12:27:19 -0500
To: public-webrtc@w3.org
Message-ID: <55EC7777.3000408@nostrum.com>

On 9/6/15 11:52 AM, Harald Alvestrand wrote:
> What would you recommend as the best explanation of what the "identity"
> asserted by an ephemeral cert "means"?

For the "stable identity" situation Martin mentions, it's functionally 
equivalent to the certs used by SSH.

> I had a discussion with a colleague the other day about this - as far as
> I can tell, an ephemeral cert signed by no trusted party can be used for
> reassurance that the signalling channel and the media channel have
> either not been MITMed or that they have both been MITMed by the same
> attacker.

For an unsigned, one-time-use (or first-time-use) cert, that's my 
understanding. This is why the identity portion of the spec is so 
important, both for being complete and well-defined in the 1.0 spec, and 
for being implemented in WebRTC-supporting browsers.

/a
Received on Sunday, 6 September 2015 17:27:44 UTC
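
Added example, not part of the original message: a small model of the check behind the property discussed in this thread, assuming the certificate hash travels in the SDP `a=fingerprint` attribute over signalling and is compared with the certificate presented in the DTLS handshake. The certificates are constructed random-byte stand-ins rather than real X.509, and all function names are hypothetical.

```python
import hashlib
import os


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 of the certificate bytes, formatted like an SDP fingerprint value."""
    return ":".join(f"{b:02X}" for b in hashlib.sha256(cert_der).digest())


def sdp_fingerprint(sdp: str) -> str:
    """Extract the sha-256 fingerprint value from an SDP blob."""
    for line in sdp.splitlines():
        if line.lower().startswith("a=fingerprint:sha-256 "):
            return line.split(" ", 1)[1].strip().upper()
    raise ValueError("no sha-256 fingerprint in SDP")


def dtls_peer_matches(sdp: str, presented_cert_der: bytes) -> bool:
    """Endpoint check: the cert seen on the media path must hash to the signalled value."""
    return sdp_fingerprint(sdp) == fingerprint(presented_cert_der)


def offer(cert_der: bytes) -> str:
    """Minimal constructed SDP carrying only what this example needs."""
    return ("v=0\r\nm=audio 9 UDP/TLS/RTP/SAVPF 111\r\n"
            "a=fingerprint:sha-256 " + fingerprint(cert_der) + "\r\n")


# Constructed stand-ins for DER certificates (random bytes, not real X.509).
ALICE_CERT = os.urandom(64)
MALLORY_CERT = os.urandom(64)


def scenarios() -> dict:
    honest_sdp = offer(ALICE_CERT)
    # Same party sits on signalling and media, so the signalled value was replaced too.
    rewritten_sdp = offer(MALLORY_CERT)
    return {
        "no_mitm": dtls_peer_matches(honest_sdp, ALICE_CERT),
        "media_only_mitm": dtls_peer_matches(honest_sdp, MALLORY_CERT),
        "same_party_on_both": dtls_peer_matches(rewritten_sdp, MALLORY_CERT),
    }


if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name}: fingerprint check {'passes' if ok else 'FAILS'}")
```

The check fails only in the media-only case; the first and third cases are indistinguishable to the endpoint, which is the gap an identity assertion over the fingerprint is meant to close.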
