What happens if cert expires mid call ? #1318
Comments
|
Answer: nothing. It's just too hard to worry about these things. Life is too short. (FWIW, these little policy things are usually left to the endpoints to sort out. In HTTP-land, I don't think that anyone kills connection at this point, but they might and we probably will never see it outside of an artificial test. That test would be highly proprietary. That's because the rules by which a user agent determines that a certificate is "acceptable" vary considerably. There are some common things - a great many even - but the edges aren't always clear. I realize that this makes some people unhappy, but here's a free tip: don't let your certificates expire.) |
|
Oh, one thing that is important to note here: the certificate we have here is a bucket that contains a public key. The other trimmings - expiration time, subject, issuer, all that - is garbage, noise. Firefox doesn't check these, and nor should any other implementation. If you want to state that the only validity check on certificates is |
|
@fluffy any comment? |
|
Martin is right that nothing should happen. This is, btw, what happens with ordinarily WebPKI too |
|
@stefhak, that would more appropriately be a requirement on an IETF document (just as this issue would have been if it wasn't WONTFIX). |
|
Thanks @ekr and @martinthomson, closing per your comments. |
From https://lists.w3.org/Archives/Public/public-webrtc/2016Sep/0071.html
Assigning to @martinthomson
The text was updated successfully, but these errors were encountered: