BiagioFesta / wtransport

Async-friendly WebTransport implementation in Rust
Apache License 2.0

How to get credentials outside of a demo example #130

Open cBournhonesque opened 9 months ago

cBournhonesque commented 9 months ago

Hi,

I got a test working where I'm generating self-signed certificates, which I need to include in the client with the `server_certificate_hashes` option.

But in a real use-case where I deploy my server, how would clients get correct credentials?

BiagioFesta commented 9 months ago

Generally, for PROD environments the server should present a valid (trusted by a known CA) certificate, and `serverCertificateHashes` is not required (as the client can validate the proper certificate). So a PROD environment should rely on PKI mechanisms.

I intend `serverCertificateHashes` more for Development/Testing environments, also because there are a few constraints on its usage: see requirements here. For instance, the certificate validity period cannot be more than 2 weeks.


Having said that, I don't know if you already had a look at `wtransport/examples/full.rs`.

In that example, the server is also serving the web resources (the client web application), and when the server starts the certificate is injected in the JavaScript.

With this approach, the web client is "dynamic" and can always be potentially updated by the server itself with its hash.
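
The client side of the hash-injection approach described in the comment above, as an added example that is not part of the thread and not code from wtransport: it turns a server-supplied SHA-256 fingerprint into the `serverCertificateHashes` option and checks the two-week validity constraint. The function names, the sample fingerprint and the URL in the last comment are assumptions made for illustration.

```javascript
// Added example; all names here are hypothetical, not wtransport's API.
const MAX_VALIDITY_MS = 14 * 24 * 60 * 60 * 1000; // two-week limit mentioned above

// Accepts a SHA-256 fingerprint as hex, with or without ':' separators,
// and returns the 32 raw bytes the option expects (not a hex string).
function parseSha256Fingerprint(text) {
  const hex = text.trim().replace(/:/g, "");
  if (!/^[0-9a-fA-F]{64}$/.test(hex)) {
    throw new Error("expected 32 bytes of hex for a SHA-256 certificate hash");
  }
  const bytes = new Uint8Array(32);
  for (let i = 0; i < 32; i++) {
    bytes[i] = parseInt(hex.slice(2 * i, 2 * i + 2), 16);
  }
  return bytes;
}

// Returns null when the validity window is acceptable, otherwise the reason.
function checkValidityWindow(notBefore, notAfter, now = new Date()) {
  if (notAfter - notBefore > MAX_VALIDITY_MS) return "validity period exceeds 14 days";
  if (now < notBefore) return "certificate not yet valid";
  if (now > notAfter) return "certificate expired";
  return null;
}

// Builds the options object passed as `new WebTransport(url, options)`.
// Several fingerprints may be listed, e.g. the current and the next certificate.
function buildTransportOptions(fingerprints) {
  return {
    serverCertificateHashes: fingerprints.map((f) => ({
      algorithm: "sha-256",
      value: parseSha256Fingerprint(f),
    })),
  };
}

// Constructed sample value, not the hash of any real certificate.
const SAMPLE_FINGERPRINT = "AB:".repeat(31) + "AB";

// In a browser (URL is a placeholder):
// new WebTransport("https://localhost:4433", buildTransportOptions([SAMPLE_FINGERPRINT]));
```

Because such certificates are short-lived, the server has to rotate them and the page has to be served with the fresh hash each time, which is what the injection in `full.rs` achieves.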

cBournhonesque commented 9 months ago

Thanks!

BiagioFesta commented 9 months ago

Sorry, PKI stands for Public Key Infrastructure; it is how certificate infrastructure generally works.

What I meant is: if you have a PROD environment you should rely on good practices like serving a certificate that clients can check against a well-known trusted authority (CA).

There are free solutions to sign a certificate, for example: https://letsencrypt.org/

MOZGIII commented 7 months ago

@cBournhonesque consider using xwt-cert-utils if you need this in wasm. wtransport doesn't build in wasm.

@BiagioFesta `serverCertificateHashes` is absolutely intended for production environments, as it can provide even better transport security by requiring that the server present an exact certificate that matches the requested hash. This gives the application a chance to defend against MITM attacks that compromise the Web PKI root certs storage of the client. Those have been quite prominent in the wild lately, and before the `serverCertificateHashes` capabilities you'd need a native app to defend against those. So, the `serverCertificateHashes` is very useful as an intended way of running production.