- From: Dmitriy Tsvettsikh via GitHub <sysbot+gh@w3.org>
- Date: Wed, 17 Oct 2018 00:20:43 +0000
- To: public-webrtc@w3.org
reklatsmasters has just created a new issue for https://github.com/w3c/webrtc-pc: == Use PSK key exchange in DTLS transport instead of certificates == If i understand correctly, the way of establish secure connection is: * generate self-signed certificate with ECDSA key * share certificate fingerprint through exising secure channel inside SDP * check certificates in dtls handshake process I think certificates is complex and absolutely unneeded part of WebRTC. The `PSK` key exchange is much easier and do the same thinks. The ideal cipher suite to use in WebRTC is [RFC8442](https://tools.ietf.org/html/rfc8442) wich provides Perfect Forward Secrecy (ECDHE_PSK) and modern cipers (AEAD). Besides, the `PSK` key exchange makes dtls handshake faster, see [RFC4279](https://tools.ietf.org/html/rfc4279#section-2): > The Certificate and CertificateRequest payloads are omitted from the response.<...> If no hint is provided, the ServerKeyExchange message is omitted. Please view or discuss this issue at https://github.com/w3c/webrtc-pc/issues/2007 using your GitHub account
Received on Wednesday, 17 October 2018 00:20:44 UTC