Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

webtransport: move certhash verification to the client #455

Merged
merged 1 commit into from
Sep 20, 2022
Merged

webtransport: move certhash verification to the client #455

merged 1 commit into from
Sep 20, 2022

Conversation

marten-seemann
Copy link
Contributor

This PR is targeting #404, not master.

This implements the proposal discussed in https://github.com/libp2p/specs/pull/404/files#r968836367.

This was referenced Sep 16, 2022
Merged
Merged
mxinden
mxinden approved these changes Sep 16, 2022
View reviewed changes
Copy link
Member

@mxinden mxinden left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me.

but cannot determine which certificate was actually used to establish the connection (this will commonly be the case for browser clients)

Oh, that is unfortunate.

@marten-seemann marten-seemann merged commit b5d3deb into webtransport Sep 20, 2022
@marten-seemann marten-seemann deleted the webtransport-client-certhash-verification branch September 20, 2022 18:35
marten-seemann added a commit that referenced this pull request Sep 28, 2022
@marten-seemann
webtransport: move certhash verification to the client (#455)
2cec2b3
marten-seemann added a commit that referenced this pull request Oct 12, 2022
@marten-seemann @mriise
@lidel @mxinden @elenaf9
add a WebTransport spec (#404)
12f9a31 
* add a draft for the WebTransport spec

* describe the HTTP endpoint

* improve introduction

Co-authored-by: Melanie Riise <mark.riise26@gmail.com>

* use Noise to check end-to-end encryption of the WebTransport connection

* define protobuf to encode certificate hashes

* use a separate multiaddr component for certificate hashes

* remove server mode using CA signed certificates

* apply suggestions from code review

Co-authored-by: Marcin Rataj <lidel@lidel.org>
Co-authored-by: Max Inden <mail@max-inden.de>

* webtransport: move certhash verification to the client (#455)

* webtransport: remove confusion around Noise handshake completion

* webtransport: update certificate generation logic

* webtransport: link to Noise Extensions spec

* webtransport: move spec to Candidate Recommendation

* webtransport: remove misleading mention of hole punching

* webtransport: fix typos

* webtransport: add interest group

* webtransport: add link to Firefox meta-issue

* webtransport: soften language around URL multiaddr encoding

* webtransport: clarify that WebTransport over HTTP/3 is meant

* webtransport: fix typo

Co-authored-by: Elena Frank <elena.frank@protonmail.com>

* webtransport: clarify certificate regeneration logic

* webtransport: fix typos

Co-authored-by: Elena Frank <elena.frank@protonmail.com>

* webtransport: allow use of CA-signed certificates

* address minor issues raised in code review

* clarify that servers with a CA-signed certificate don't use /certhash

Co-authored-by: Melanie Riise <mark.riise26@gmail.com>
Co-authored-by: Marcin Rataj <lidel@lidel.org>
Co-authored-by: Max Inden <mail@max-inden.de>
Co-authored-by: Elena Frank <elena.frank@protonmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mxinden mxinden mxinden approved these changes

@MarcoPolo MarcoPolo MarcoPolo approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@marten-seemann @MarcoPolo @mxinden