Contact emails
yhir...@chromium.org, vasi...@chromium.org

Explainer
https://github.com/w3c/webtransport/blob/main/explainer.md

Spec
https://w3c.github.io/webtransport/#dom-webtransportoptions-servercertificatehashes

WebTransport has already been covered by a series of TAG reviews (389 <https://github.com/w3ctag/design-reviews/issues/389>, 669 <https://github.com/w3ctag/design-reviews/issues/669>).

Summary
In WebTransport, the serverCertificateHashes option allows the website to connect to a WebTransport server by authenticating the certificate against the expected certificate hash instead of using the Web PKI. This feature allows Web developers to connect to WebTransport servers that would normally find obtaining a publicly trusted certificate challenging, such as hosts that are not publicly routable, or virtual machines that are ephemeral in nature.

During the WebTransport Intent to Ship email thread <https://groups.google.com/a/chromium.org/g/blink-dev/c/kwC5wES3I4c>, concerns were raised regarding the security considerations of this portion of the spec being incomplete. We believe that we have addressed those concerns (notably, in this PR <https://github.com/w3c/webtransport/pull/375>). In terms of the actual code behavior, the only major difference since the previous thread is that we no longer allow RSA keys for the certificates.

Link to “Intent to Prototype” blink-dev discussion
https://groups.google.com/a/chromium.org/g/blink-dev/c/I6MS2kOKcx0/m/NAdg7Sc-CwAJ

Is this feature supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?
Yes.

Debuggability
The certificate-related errors for WebTransport sessions are logged into the developer console.

Measurement
The use of this feature is tracked by the WebTransportServerCertificateHashes use counter.

Risks

Interoperability and Compatibility
There is some discussion about adding a mechanism to prevent websites from using this feature via an HTTP header (either CSP or a new header). Some of the proposals could potentially break existing usage under certain conditions (e.g. if a webpage both uses serverCertificateHashes and has a connect-src directive, and we decide to extend connect-src); I expect those cases to be sufficiently niche to ultimately not be a problem, and the question itself is of fairly low priority as there does not seem to be a strong security reason for a website to restrict serverCertificateHashes.

Gecko: worth prototyping <https://github.com/mozilla/standards-positions/issues/167#issuecomment-1015951396>
WebKit: no signal <https://lists.webkit.org/pipermail/webkit-dev/2021-September/031980.html>
Web / Framework developers: positive (we have received indication in the past that serverCertificateHashes is a blocker for migrating from WebRTC for at least one of them)

Ergonomics
The API is roughly modeled after a similar WebRTC API (RTCDtlsFingerprint), with a noted improvement that the certificate hash no longer needs to be serialized into a specific format.

Activation
Using this feature would require web developers to design their application in a way that supports generating and distributing ephemeral certificates on demand.

Security
Security considerations for this feature are discussed at length in PR #375 <https://pr-preview.s3.amazonaws.com/vasilvv/web-transport/pull/375.html#certificate-hashes>.

Is this feature fully tested by web-platform-tests <https://chromium.googlesource.com/chromium/src/+/master/docs/testing/web_platform_tests.md>?
Link to test suite results from wpt.fyi.
WebTransport itself is tested by web-platform-tests; this specific feature requires infra support that is currently not available (issue <https://github.com/web-platform-tests/wpt/issues/32463>).

Entry on the feature dashboard <http://www.chromestatus.com/>
https://chromestatus.com/feature/5690646332440576