Intent to Implement & Ship: RTCCertificate.getFingerprints()

58 views
Skip to first unread message

Henrik Boström

unread,
May 5, 2017, 9:35:46 AM5/5/17
to blink-dev

Contact emails

hb...@chromium.org, gui...@chromium.org


Spec


Summary

RTCCertificate is a certificate that has been generated by RTCPeerConnetion.generateCertificate(). RTCCertificate.getFingerprints() allows you to easily read the fingerprint of such a certificate, which is the text string hash that is used in the offer/answer SDP that is exchanged between clients that connect with each other.


Is this feature supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?

Yes.


Interoperability and Compatibility Risk

Edge: No signals

Firefox: Public support

Safari: No signals

Web developers: No signals


Is this feature fully tested by web-platform-tests?

No. I filed https://github.com/w3c/web-platform-tests/issues/5796


OWP launch tracking bug


Entry on the feature dashboard


Tim Panton

unread,
May 6, 2017, 12:25:42 PM5/6/17
to blink-dev
I'm a web developer, and this would save me considerable pain. 
Currently we create (or retrieve from indexdb) a certificate, set it on a peerconnection and create a dummy offer,
we then parse the resulting SDP to get the certificate's fingerprint.

Positive signal here....

T.

Jochen Eisinger

unread,
May 9, 2017, 12:39:23 PM5/9/17
to Tim Panton, blink-dev
Henrik, can you please point me at the security review of the certificate system for RTC?

Henrik Boström

unread,
May 23, 2017, 7:29:18 AM5/23/17
to blink-dev, tim.p...@gmail.com
This should have no new security implications. As Tim pointed out, the fingerprint information is already accessible through some hassle involving parsing SDP. That said I'll try to point you to previous security reviews, I just need to figure out who to ask, cc'd you to an email.

In the meantime, PTAL?

Philip Jägenstedt

unread,
May 23, 2017, 7:35:02 AM5/23/17
to Henrik Boström, blink-dev, tim.p...@gmail.com
LGTM1 conditional on Jochen being happy with the security review.

https://github.com/w3c/web-platform-tests/issues/5796 should get resolved by the ongoing effort to write tests for WebRTC, commented.

--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/55f37fa3-c345-43dd-beeb-87a42726fb52%40chromium.org.

Jochen Eisinger

unread,
May 24, 2017, 4:08:01 PM5/24/17
to Philip Jägenstedt, Henrik Boström, blink-dev, tim.p...@gmail.com
lgtm2 - still working with Henrik et al to hunt down the original security review, but I don't think this particular feature needs to be blocked on that

To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAARdPYdoLG54q7C9-GLEDLy2vpEvPnhcjzpFqVjis6h3aE5i-g%40mail.gmail.com.

Rick Byers

unread,
May 24, 2017, 9:59:46 PM5/24/17
to Jochen Eisinger, Philip Jägenstedt, Henrik Boström, blink-dev, tim.p...@gmail.com
LGTM3

To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CALjhuicMkC7ntBiM_tARB0M0kmtzZTQ_hos2V9F5W6M%2Bp9oizQ%40mail.gmail.com.

Reply all
Reply to author
Forward
0 new messages