webtransport: move certhash verification to the client #455

Merged

marten-seemann

This PR is targeting #404, not master.

This implements the proposal discussed in https://github.com/libp2p/specs/pull/404/files#r968836367.

@mxinden mxinden left a comment

Looks good to me.

> but cannot determine which certificate was actually used to establish the connection (this will commonly be the case for browser clients)

Oh, that is unfortunate.

@marten-seemann marten-seemann merged commit b5d3deb into webtransport Sep 20, 2022
@marten-seemann marten-seemann deleted the webtransport-client-certhash-verification branch September 20, 2022 18:35
marten-seemann added a commit that referenced this pull request Oct 12, 2022
* add a draft for the WebTransport spec

* describe the HTTP endpoint

* improve introduction

Co-authored-by: Melanie Riise <[email protected]>

* use Noise to check end-to-end encryption of the WebTransport connection

* define protobuf to encode certificate hashes

* use a separate multiaddr component for certificate hashes

* remove server mode using CA signed certificates

* apply suggestions from code review

Co-authored-by: Marcin Rataj <[email protected]>
Co-authored-by: Max Inden <[email protected]>

* webtransport: move certhash verification to the client (#455)

* webtransport: remove confusion around Noise handshake completion

* webtransport: update certificate generation logic

* webtransport: link to Noise Extensions spec

* webtransport: move spec to Candidate Recommendation

* webtransport: remove misleading mention of hole punching

* webtransport: fix typos

* webtransport: add interest group

* webtransport: add link to Firefox meta-issue

* webtransport: soften language around URL multiaddr encoding

* webtransport: clarify that WebTransport over HTTP/3 is meant

* webtransport: fix typo

Co-authored-by: Elena Frank <[email protected]>

* webtransport: clarify certificate regeneration logic

* webtransport: fix typos

Co-authored-by: Elena Frank <[email protected]>

* webtransport: allow use of CA-signed certificates

* address minor issues raised in code review

* clarify that servers with a CA-signed certificate don't use /certhash

Co-authored-by: Melanie Riise <[email protected]>
Co-authored-by: Marcin Rataj <[email protected]>
Co-authored-by: Max Inden <[email protected]>
Co-authored-by: Elena Frank <[email protected]>
3 participants