Open marten-seemann opened 1 year ago
I think it should be possible to include the server's domain name in the Noise extensions which would let the client check it is connected to the correct domain name, and thus assure the client the connection is secure if they dialed that domain name.
WebTransport currently only defines how to use self-signedf certificates, using
serverCertificateHashes
. It should be possible to use CA-signed certificates once https://github.com/w3c/webtransport/issues/411 is resolved.