[webrtc-pc] Considering making RTCCertificate throw when serialized when _forStorage_ is false (#2257) from Anne van Kesteren via GitHub on 2019-08-06 (public-webrtc@w3.org from August 2019)

From: Anne van Kesteren via GitHub <sysbot+gh@w3.org>
Date: Tue, 06 Aug 2019 14:17:32 +0000
To: public-webrtc@w3.org
Message-ID: <issues.opened-477408849-1565101051-sysbot+gh@w3.org>

annevk has just created a new issue for https://github.com/w3c/webrtc-pc:

== Considering making RTCCertificate throw when serialized when _forStorage_ is false ==
This would make `postMessage()` and friends throw and only allow same-origin usage of the object as seems to be intended. This would allow you to get rid of the `[[Origin]]` field and prevent inadvertent sharing of this object with untrusted origins (who might be able to Spectre-attack its contents at that point, unless the user agent has a more convoluted design whereby it only messages a pointer around and keeps the actual underlying data only in processes accessible to the origin that created it).

Please view or discuss this issue at https://github.com/w3c/webrtc-pc/issues/2257 using your GitHub account

Received on Tuesday, 6 August 2019 14:17:34 UTC