-
Notifications
You must be signed in to change notification settings - Fork 50
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Consider removing serverCertificateHashes #623
Comments
I do not understand this comparison. What does Web Push or middleware has to do with serverCertificateHashes?
This is not correct; the motivation for this feature is to provide the ability to connect to endpoints that cannot have a publicly trusted certificate, in order to have feature parity with WebRTC in that regard. The original reasoning for adding it is documented in #18. Since that discussion happened, more motivation came from scenarios like WICG/private-network-access#23. |
The risk that people will just use a shared private certificate across a range of devices just to get this to work without actually caring much about end user security. And while there is definitely a need for some kind of HTTPS for local networks, we should not solve it on a per-API basis. |
WebRTC is peer-to-peer hence the current solution for WebRTC. |
We have discussed this issue previously in #349; this resulted in an expiry requirement being added, as documented in https://w3c.github.io/webtransport/#certificate-hashes. |
I don't see how that addresses the concern. You can generate fresh certificates with a shared private key quite easily, but it's not actually secure. |
I don't believe this is in any way different from regular Web PKI certificates. |
Meeting:
|
@vasilvv regular certificates have all kinds of safeguards, including being able to distrust the root if practices like this were to be discovered. |
As far as I am aware, there isn't anything in CA/B BR that requires CAs to check for private key reuse; furthermore, as far as I am aware, reusing private keys is not uncommon in practice. |
Just a few thoughts: I use the hashes for: Regarding reusing certificates: Support in Firefox: Of course, I would prefer that Webkit support the hashes. But for a web app it may also be an option to recommend other browsers if European DMA results in Gecko and Blink appearing on iOS etc. |
Without more restrictions this feature could lead to the same kind of problem plaguing Web Push, where messages are not end-to-end encrypted because it's easier to let middleware worry about the complexity of encryption and dealing with the Web Browser Endpoint in general.
I also heard that the main motivation for this feature is local development and testing, which does not meet the high bar we have for web platform features.
As things stand today WebKit does not intend to implement this.
The text was updated successfully, but these errors were encountered: