[webrtc-pc] getRemoteCertificates use-case (#2503)

DurandA has just created a new issue for https://github.com/w3c/webrtc-pc:

== getRemoteCertificates use-case ==
Is it valid for a WebRTC application to manually check the certificate of a connected peer (i.e. comparing the fingerprint against a known value)? The intended purpose of [_getRemoteCertificates_](https://w3c.github.io/webrtc-pc/#dom-rtcdtlstransport-getremotecertificates_) is not stated explicitly.

Additionally, I found this in the WebRTC 1.0 API:

> When establishing DTLS connections, the WebRTC API can generate certificates that can be persisted by the application (e.g. in IndexedDB). These certificates are not shared across origins, and get cleared when persistent storage is cleared for the origin.

I'm not sure if this is for performance reasons (so that a certificate doesn't need to be re-generated each time) or on purpose so that applications can store known peer identities.

I am sorry to ask a question here rather than on Stack Overflow, but I am looking for an authoritative answer as it is not clear from the specs what the intended use-case is.

Please view or discuss this issue at https://github.com/w3c/webrtc-pc/issues/2503 using your GitHub account

Received on Monday, 30 March 2020 14:51:44 UTC
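
The manual check the question describes, sketched as an added example (not part of the original issue or of the webrtc-pc specification): it hashes the first certificate returned by `getRemoteCertificates()` and compares the result with a pinned SHA-256 fingerprint. The helper names, the stand-in transport and the assumption that the first chain entry is the peer's own certificate belong to this example only.

```javascript
// Added example: pin a peer by the SHA-256 fingerprint of its DTLS certificate.
// `transport` stands for an RTCDtlsTransport; all helper names are hypothetical.

// Format digest bytes the way an SDP a=fingerprint value is written: "AB:CD:...".
function formatFingerprint(bytes) {
  return Array.from(bytes, (b) => b.toString(16).padStart(2, "0").toUpperCase()).join(":");
}

// Accept "sha-256 AB:CD:...", "ab:cd:..." or bare hex; return canonical form or null.
function normalizeFingerprint(text) {
  const hex = text.trim().replace(/^sha-256\s+/i, "").replace(/:/g, "").toUpperCase();
  if (!/^[0-9A-F]{64}$/.test(hex)) return null; // not a 32-byte SHA-256 value
  return hex.match(/../g).join(":");
}

// Hash the first certificate of the remote chain (assumed here to be the peer's own).
// getRemoteCertificates() yields DER-encoded ArrayBuffers and is empty before DTLS completes.
async function remoteFingerprint(transport) {
  const chain = transport.getRemoteCertificates();
  if (chain.length === 0) throw new Error("no remote certificate available yet");
  const digest = await globalThis.crypto.subtle.digest("SHA-256", chain[0]);
  return formatFingerprint(new Uint8Array(digest));
}

// True only when the DTLS transport is connected and the peer's certificate
// hashes to the pinned value. A malformed pin is a configuration error, so it throws.
async function peerMatchesPin(transport, pinned) {
  const expected = normalizeFingerprint(pinned);
  if (expected === null) throw new Error("pinned value is not a SHA-256 fingerprint");
  if (transport.state !== "connected") return false;
  return (await remoteFingerprint(transport)) === expected;
}

// Constructed stand-in so the example runs offline: the "certificate" is just the
// bytes of "abc", not real DER, and the pin is the SHA-256 digest of those bytes.
const fakeTransport = {
  state: "connected",
  getRemoteCertificates: () => [Uint8Array.from([0x61, 0x62, 0x63]).buffer],
};
const FAKE_PIN =
  "sha-256 BA:78:16:BF:8F:01:CF:EA:41:41:40:DE:5D:AE:22:23:" +
  "B0:03:61:A3:96:17:7A:9C:B4:10:FF:61:F2:00:15:AD";
```

In a browser the transport object can be read from `pc.sctp.transport` or from an `RTCRtpSender`'s `transport` attribute once the connection is established.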