LGTM1

On Thursday, January 20, 2022 at 7:08:59 AM UTC+1 Victor Vasiliev wrote:

> Contact emails
>
> yhir...@chromium.org, vasi...@chromium.org 
>
> Explainer
>
> https://github.com/w3c/webtransport/blob/main/explainer.md
>
> Spec
>
>
> https://w3c.github.io/webtransport/#dom-webtransportoptions-servercertificatehashes
>
> WebTransport has already been covered by a series of TAG reviews (389 
> <https://github.com/w3ctag/design-reviews/issues/389>, 669 
> <https://github.com/w3ctag/design-reviews/issues/669>).
>
> Summary
>
> In WebTransport, the serverCertificateHashes option allows the website to 
> connect to a WebTransport server by authenticating the certificate against 
> the expected certificate hash instead of using the Web PKI.  This feature 
> allows Web developers to connect to WebTransport servers that would 
> normally find obtaining a publicly trusted certificate challenging, such as 
> hosts that are not publicly routable, or virtual machines that are 
> ephemeral in nature.
>
> During the WebTransport Intent to Ship email thread 
> <https://groups.google.com/a/chromium.org/g/blink-dev/c/kwC5wES3I4c>, 
> concerns were raised regarding the security considerations of this portion 
> of the spec being incomplete.  We believe that we have addressed those 
> concerns (notably, in this PR 
> <https://github.com/w3c/webtransport/pull/375>).
>

Please follow up on the PR to ensure it lands. Thanks! :)
 

>   In terms of the actual code behavior, the only major difference since 
> the previous thread is that we no longer allow RSA keys for the 
> certificates.
>
> Link to “Intent to Prototype” blink-dev discussion
>
>
> https://groups.google.com/a/chromium.org/g/blink-dev/c/I6MS2kOKcx0/m/NAdg7Sc-CwAJ
>
> Is this feature supported on all six Blink platforms (Windows, Mac, Linux, 
> Chrome OS, Android, and Android WebView)?
>
> Yes.
>
> Debuggability
>
> The certificate-related errors for WebTransport sessions are logged into 
> the developer console.
>
> Measurement
>
> The use of this feature is tracked by the 
> WebTransportServerCertificateHashes use counter.
>
> Risks
>
> Interoperability and Compatibility
>
> There is some discussion about adding a mechanism to prevent websites from 
> using this feature via an HTTP header (either CSP or a new header).  Some 
> of the proposals could potentially break existing usage under certain 
> conditions (e.g. if a webpage both uses serverCertificateHashes and has a 
> connect-src directive, and we decide to extend connect-src); I expect 
> those cases to be sufficiently niche to ultimately not be a problem, and 
> the question itself is of fairly low priority as there does not seem to be 
> a strong security reason for a website to restrict serverCertificateHashes.
>

Are you planning to file a separate intent once those plans materialize?
 

>
> Gecko: worth prototyping 
> <https://github.com/mozilla/standards-positions/issues/167#issuecomment-1015951396>
>
> WebKit: no signal 
> <https://lists.webkit.org/pipermail/webkit-dev/2021-September/031980.html>
>
> Web / Framework developers: positive (we have received indication in the 
> past that serverCertificateHashes is a blocker for migrating from WebRTC for 
> at least one of them)
>
> Ergonomics
>
> The API is roughly modeled after a similar WebRTC API 
> (RtcDtlsFingerprint), with a noted improvement that the certificate hash no 
> longer needs to be serialized into a specific format.
>
> Activation
>
> Using this feature would require web developers to design their 
> application in a way that supports generating and distributing ephemeral 
> certificates on demand.
>
> Security
>
> Security considerations for this feature are discussed at length in PR 
> #375 
> <https://pr-preview.s3.amazonaws.com/vasilvv/web-transport/pull/375.html#certificate-hashes>
> .
>
> Is this feature fully tested by web-platform-tests 
> <https://chromium.googlesource.com/chromium/src/+/master/docs/testing/web_platform_tests.md>?
>  
> Link to test suite results from wpt.fyi.
>
> WebTransport itself is tested by web-platform-tests; this specific feature 
> requires infra support that is currently not available (issue 
> <https://github.com/web-platform-tests/wpt/issues/32463>).
>
> Entry on the feature dashboard <http://www.chromestatus.com/>
>
> https://chromestatus.com/feature/5690646332440576
>
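
The certificate pinning described in the Summary and Ergonomics sections above, as an added example that is not part of the original thread or of Chromium's code: it converts a SHA-256 certificate fingerprint (colon-separated, as WebRTC tooling prints it, or plain hex) into the raw bytes that serverCertificateHashes takes, rejecting malformed input before any connection is attempted. The helper names and the sample fingerprint are assumptions constructed for illustration.

```javascript
// Added example: build WebTransport options that pin a server certificate
// by SHA-256 hash. Helper names and the sample value are constructed.
const SHA256_BYTES = 32;
const COLON_HEX = /^([0-9a-f]{2}:){31}[0-9a-f]{2}$/i; // "AB:CD:...:EF"
const PLAIN_HEX = /^[0-9a-f]{64}$/i;                  // "abcd...ef"

// Parse a fingerprint string into the 32 raw hash bytes.
function fingerprintToBytes(fingerprint) {
  if (typeof fingerprint !== "string") {
    throw new TypeError("fingerprint must be a string");
  }
  const fp = fingerprint.trim();
  if (!COLON_HEX.test(fp) && !PLAIN_HEX.test(fp)) {
    throw new RangeError("expected 32 hex-encoded bytes (SHA-256)");
  }
  const hex = fp.replace(/:/g, "");
  const out = new Uint8Array(SHA256_BYTES);
  for (let i = 0; i < SHA256_BYTES; i++) {
    out[i] = parseInt(hex.slice(2 * i, 2 * i + 2), 16);
  }
  return out;
}

// Build the options object; the option is a list, so more than one
// expected hash can be supplied.
function pinnedOptions(fingerprints) {
  if (!Array.isArray(fingerprints) || fingerprints.length === 0) {
    throw new RangeError("at least one fingerprint is required");
  }
  return {
    serverCertificateHashes: fingerprints.map((fp) => ({
      algorithm: "sha-256",
      value: fingerprintToBytes(fp),
    })),
  };
}

// Constructed sample fingerprint: bytes 00..1F, not a real certificate.
const SAMPLE_FP = Array.from({ length: SHA256_BYTES }, (_, i) =>
  i.toString(16).padStart(2, "0").toUpperCase()).join(":");

// Browser-only: the certificate is checked against the pinned hashes
// instead of the Web PKI.
function connectPinned(url, fingerprints) {
  if (typeof WebTransport === "undefined") {
    throw new Error("WebTransport is not available in this environment");
  }
  return new WebTransport(url, pinnedOptions(fingerprints));
}
```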
