
[webrtc-pc] RTCCertificate security boundary (#2343)

From: Anne van Kesteren via GitHub <sysbot+gh@w3.org>
Date: Fri, 01 Nov 2019 13:08:33 +0000
To: public-webrtc@w3.org
Message-ID: <issues.opened-516102218-1572613712-sysbot+gh@w3.org>
annevk has just created a new issue for https://github.com/w3c/webrtc-pc:

== RTCCertificate security boundary ==
In https://github.com/whatwg/html/issues/4939 I've been exploring infrastructure for objects which we'd like to limit to the same origin. The only real security boundary we have for objects is agents and their container, agent clusters, and they are per site+scheme (so contain multiple origins).

That is, while we could make deserializing X fail on B if serializing X happened on A, we cannot necessarily prevent A from sharing X with B, if A and B are same-site and same-scheme.

This means that if step 4.2 of https://w3c.github.io/webrtc-pc/#constructor is crucial for some reason not related to the ability for B to "read" X, we cannot really simplify RTCCertificate much. `[Serializable=SameOrigin]` might still be good to signal intent, but it would not allow removing `[[Origin]]` as A can still share X with B using `document.domain`.

(I should note that in general it's a little weird for objects to carry around an origin as messaging is supposed to be about object capabilities, but I think I can see how for a certificate that might be different.)

cc @jan-ivar 

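The two boundaries the issue contrasts (the agent cluster, keyed on scheme+site, versus the per-origin `[[Origin]]` check in the RTCPeerConnection constructor) can be modelled in a few lines. The following is an added illustration, not code from the issue, the webrtc-pc spec or any browser: `generateCertificate`, `checkCertificateForConstructor`, `agentClusterKey` and `outcome` are hypothetical names, the registrable-domain computation is simplified to the last two host labels (real browsers consult the Public Suffix List), and the origins are constructed for the example.

```javascript
// Added model of the same-origin vs. same-site boundaries discussed in the issue.
// Nothing here is real WebRTC API; it only reproduces the decision structure.

// Same-origin: scheme, host and port all match. URL.origin normalises default ports.
function sameOrigin(a, b) {
  return new URL(a).origin === new URL(b).origin;
}

// Registrable domain, simplified to the last two host labels.
// Assumption for this example only; browsers use the Public Suffix List.
function registrableDomain(host) {
  return host.split('.').slice(-2).join('.');
}

// Agent-cluster key as the issue describes it: scheme + site, so several origins
// (a.example.com, b.example.com) fall into the same cluster.
function agentClusterKey(origin) {
  const u = new URL(origin);
  return `${u.protocol}//${registrableDomain(u.hostname)}`;
}

// Can a document at A hand an object directly to a document at B? The issue's point
// is that this is bounded by the agent cluster (site+scheme), not by origin, e.g.
// after both set document.domain.
function canShareObject(a, b) {
  return agentClusterKey(a) === agentClusterKey(b);
}

// Model of an RTCCertificate carrying its internal [[Origin]] slot.
// The fingerprint is a constructed placeholder, not real key material.
function generateCertificate(creatorOrigin) {
  return { origin: new URL(creatorOrigin).origin, fingerprint: 'constructed-fingerprint' };
}

// Model of the constructor check the issue refers to as step 4.2: a certificate whose
// [[Origin]] is not same origin with the current document is rejected.
function checkCertificateForConstructor(cert, currentOrigin) {
  if (!sameOrigin(cert.origin, currentOrigin)) {
    throw new Error('InvalidAccessError: certificate [[Origin]] does not match');
  }
  return true;
}

// Classify what happens when a document at A generates a certificate and a document
// at B tries to construct a peer connection with it.
function outcome(a, b) {
  const cert = generateCertificate(a);
  if (!canShareObject(a, b)) return 'unreachable';        // different agent cluster
  try {
    checkCertificateForConstructor(cert, b);
    return 'accepted';                                     // same origin
  } catch {
    return 'rejected-by-origin-check';                     // same site, different origin
  }
}

// Constructed origins exercising each case.
console.log(outcome('https://a.example.com', 'https://a.example.com')); // accepted
console.log(outcome('https://a.example.com', 'https://b.example.com')); // rejected-by-origin-check
console.log(outcome('https://a.example.com', 'https://a.example.org')); // unreachable
console.log(outcome('https://a.example.com', 'http://a.example.com'));  // unreachable
```

The middle case is the one the issue is about: `b.example.com` can obtain the object from `a.example.com` because they share an agent cluster, so `[Serializable=SameOrigin]` alone would not stop the hand-off, and only the `[[Origin]]` comparison in the constructor keeps B from using A's certificate.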
Received on Friday, 1 November 2019 13:08:35 UTC
