Consider making RTCCertificate throw when serialized when _forStorage_ is false

[annevk]

This would make postMessage() and friends throw and only allow same-origin usage of the object as seems to be intended. This would allow you to get rid of the [[Origin]] field and prevent inadvertent sharing of this object with untrusted origins (who might be able to Spectre-attack its contents at that point, unless the user agent has a more convoluted design whereby it only messages a pointer around and keeps the actual underlying data only in processes accessible to the origin that created it).

[dontcallmedom]

TPAC discussion points toward keeping the capability to use postMessage, maybe limiting it to same-origin communication and calling attention to security risks.

[jan-ivar]

@annevk Anything else we can do here to somehow limit postMessage use to same origin?

[annevk]

I have an idea for a de#spired by you at whatwg/html#4939. I'd like to know if others are somewhat okay with it before writing the text though. I can file a new issue once that's in place.