[webrtc-pc] either full check certs or explain why it's not necessary (4.4.1.1 Constructor) from Samuel Weiler via GitHub on 2018-03-17 (public-webrtc@w3.org from March 2018)

From: Samuel Weiler via GitHub <sysbot+gh@w3.org>
Date: Sat, 17 Mar 2018 14:25:07 +0000
To: public-webrtc@w3.org
Message-ID: <issues.opened-306160435-1521296705-sysbot+gh@w3.org>

samuelweiler has just created a new issue for https://github.com/w3c/webrtc-pc:

== either full check certs or explain why it's not necessary (4.4.1.1 Constructor) ==
4.4.1.1 tells the user agent to check a certification expiration but not anything else. ("If the certificates value in configuration is non-empty, check that the expires on each value is in the future.")  Harold has argued that this certificate is just a carrier and that checking the expiry here is a user experience enhancement only - it has no security benefit.  If he's right, please add a sentence or two explaining that.  If he's wrong, then some other things in the cert likely need to be checked.

Please view or discuss this issue at https://github.com/w3c/webrtc-pc/issues/1808 using your GitHub account

Received on Saturday, 17 March 2018 14:25:09 UTC