W3C home > Mailing lists > Public > public-webscreens@w3.org > November 2017

Re: [openscreenprotocol] [QUIC] Investigate WebSocket layering onto QUIC

From: Tomoyuki Shimizu via GitHub <sysbot+gh@w3.org>
Date: Mon, 13 Nov 2017 06:01:12 +0000
To: public-webscreens@w3.org
Message-ID: <issue_comment.created-343822095-1510552870-sysbot+gh@w3.org>
> This is will become the major road blocker for HbbTV and ASTC since they both depend on non-secured local web server.

The problem with secure connection between devices in local network is that such a self-signed certificate is not trustworthy, because the certificate cannot be validated with root CA's certificate.

To solve this problem, we need to find another mechanism to validate whether the local server would be trustworthy or not without relying on root-CA-based PKI (e.g. J-PAKE, as we have discussed so far). I guess that such a trust model looks like overall problem with securing connections on open screen protocol, not limited to HbbTV or ATSC.

Anyway, some sort of addition or modification to TLS authentication mechanism or certificate management would be necessary for HbbTV and ATSC (and possibly Hybridcast in Japan), unless the user would be asked to install private CA to validate local server's certificate on their browser or OS.

Note that Hybridcast is facing the same problem, and eventually they are now using native apps instead of web browsers as a companion screen for Hybridcast.

-- 
GitHub Notification of comment by tomoyukilabs
Please view or discuss this issue at https://github.com/webscreens/openscreenprotocol/issues/62#issuecomment-343822095 using your GitHub account
Received on Monday, 13 November 2017 06:01:16 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:23:18 UTC