webtransport: define how to use CA-signed certificates

libp2p / specs

Technical specifications for the libp2p networking stack

https://libp2p.io

1.55k stars 273 forks source link

webtransport: define how to use CA-signed certificates #507

Open marten-seemann opened 1 year ago

marten-seemann commented 1 year ago

WebTransport currently only defines how to use self-signedf certificates, using serverCertificateHashes. It should be possible to use CA-signed certificates once https://github.com/w3c/webtransport/issues/411 is resolved.

MarcoPolo commented 1 year ago

I think it should be possible to include the server's domain name in the Noise extensions which would let the client check it is connected to the correct domain name, and thus assure the client the connection is secure if they dialed that domain name.