search

w3c / webrtc-identity

Specification of the Identity framework for WebRTC
https://w3c.github.io/webrtc-identity/
Other
4 stars 12 forks source link

Origin value for IdP proxy script #10

Open dontcallmedom opened 7 years ago

dontcallmedom commented 7 years ago

Initially raised by @soareschen at https://github.com/w3c/webrtc-pc/issues/1504

In rtcweb-security-arch section 6.4.1. PeerConnection Origin Check:

In order to prevent this attack, we require that all signatures be tied to a specific origin ("rtcweb://...") which cannot be produced by content JavaScript.

Does this means that in section 9.1.2 Instantiating an IdP Proxy, it should specify that the origin value inside the IdP proxy script would be using the rtcweb:// protocol instead of https://?

dontcallmedom commented 7 years ago

Comment by @martinthomson

See https://github.com/rtcweb-wg/security-arch/issues/41