How do peers involved in a p2p communication authenticate each other?

Submitted by 自闭症网瘾萝莉.ら on 2021-02-05 12:22:04

Question


How do peers in WebRTC authenticate each other?


Answer 1:


DTLS in WebRTC uses self-signed certificates. RFC 5763 has the details; in a nutshell, the certificate fingerprint is matched against the one provided in the a=fingerprint line of the SDP.




Answer 2:


As the comment from Patrick Mevzek already mentioned:

Whether a self-signed certificate is trusted/accepted doesn't depend on DTLS or TLS.

This depends only on the peer's trusted certificates. If the client's or server's certificate path/chain contains a certificate whose signature can be verified by a trusted certificate, then it's assumed to be trusted. There may be some additional checks, such as valid time, key usage or the hostname. The trusted certificates are usually stored in a "trust store". So, if your server should use such a self-signed certificate, add that self-signed certificate to your client's trust store. If the client then receives just that self-signed certificate as the path, it checks whether the signer (in that case the certificate itself) is in the trust store.

What doesn't work with such self-signed certificates is that other clients, which haven't added that certificate to their trust store, will trust that server.

How do peers in p2p systems like WebRTC authenticate each other?

If these peers add each other's certificate to their trust store ahead of time, then they will trust each other.

Do they require a certificate from a CA?

If you can't add the other's certificate ahead of time, then you need certificates that are signed by a CA (certificate) which is already in the peers' trust store.



Source: https://stackoverflow.com/questions/64058519/how-do-peers-involved-in-a-p2p-communication-authenticate-each-other
