-
Notifications
You must be signed in to change notification settings - Fork 115
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RTCCertificate Interface should (or should not) be backed up. #1694
Comments
@steely-glint Section 4.10.2 states: The secure module will generally not support retrieval of the private keying material so that we can't assume that private keying material can be stored and retrieved from persistent storage, only the public keys. |
I guess I'm taking issue with the 'persistent storage' - I'd argue that something that can't be backed up shouldn't be described as persistent. So I feel we should either change the 'persistent' to something else or we should specify a mechanism to back up the keys - ideally both public and private. |
@steely-glint Here is my take on the intended behavior. The specification says that the RTCCertificate represents a handle to both the X.509 certificate and the private key. That would seem to imply that when the RTCCertificate is stored and retrieved, that always includes both elements, regardless of whether the private key is stored in a secure module. The format for storage/retrieval isn't specified, but any format that can represent both the certificate and private key (e.g. PKCS12, PEM, etc.) would suffice. The storage is "persistent" across reboots, but while there is an internal slot for the private key, it cannot be retrieved in JS. Does this make sense? |
Yes, I think that is the intended behavior. From the user's perspective, if I have my phone stolen and I remote reset it, I expect to be able to restore all my apps and their state onto a new phone (assuming the replacement supports the same os). These certs are the single exception I can think of to that experience. If that is the intention, we should clearly state it, possibly flagging their semi-ephemeral nature with a warning to developers. |
in "4.10.2 RTCCertificate Interface"
we say
"The RTCCertificate object can be stored and retrieved from persistent storage by an application. "
It isn't clear if this should be backed when the rest of a browser is backed up or indeed sync'd (i.e. bookmarks etc).
In contrast to the rest of localStorage, there is no mechanism for a service to access the privateKeys - so no way for them to be backed up and restored (e.g. in case of a phone being immersed in water).
What is the intended behaviour?
The text was updated successfully, but these errors were encountered: