webtransport: define how to use CA-signed certificates
marten-seemann opened this issue · 1 comments
marten-seemann commented
WebTransport currently only defines how to use self-signedf certificates, using serverCertificateHashes
.
It should be possible to use CA-signed certificates once w3c/webtransport#411 is resolved.
MarcoPolo commented
I think it should be possible to include the server's domain name in the Noise extensions which would let the client check it is connected to the correct domain name, and thus assure the client the connection is secure if they dialed that domain name.