webtransport: define how to use CA-signed certificates

Question

webtransport: define how to use CA-signed certificates

marten-seemann opened this issue 2 years ago · 1 comments

WebTransport currently only defines how to use self-signedf certificates, using serverCertificateHashes.
It should be possible to use CA-signed certificates once w3c/webtransport#411 is resolved.

Answer 1 · 2023-07-06T18:18:38.000Z

I think it should be possible to include the server's domain name in the Noise extensions which would let the client check it is connected to the correct domain name, and thus assure the client the connection is secure if they dialed that domain name.