📝WebRTC security

WebRTC media streaming is protected by SRTP. Unencrypted RTP is explicitly forbidden by WebRTC.

The SRTP key management/exchange mechanism is not established by WebRTC. Two options are:

  • SDES (SDP Security Descriptions for Media Streams)

    • this was initially the preferred option in WebRTC, but that was later changed

    • for SDES to be secure, signaling must be secured

    • I believe the signaling server knows the key

  • DTLS-SRTP

    • the DTLS handshake is used to establish the master key and encryption parameters, which are then used in SRTP

    • DTLS-SRTP is mandatory to support and should be the default.
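The difference between the two keying options is visible in the signaling itself. The following is an added example (not code from the original note or from any WebRTC project): a minimal SDP inspector that classifies each m= section as plain RTP, SDES-keyed SRTP, DTLS-SRTP or DTLS (data channel) and, for SDES, decodes the master key straight out of the a=crypto line, which is exactly why anyone who can read the signaling can read the key. The SDP fragments, the fingerprint value and the base64 key are all constructed.

```python
"""Classify the SRTP keying method negotiated in each m= section of an SDP.

Added example, not part of the original note: tells plain RTP, SDES-keyed
SRTP and DTLS-SRTP apart and, for SDES, pulls the master key||salt out of the
a=crypto line (RFC 4568) to show that it travels in cleartext signaling.
"""
import base64
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class MediaSection:
    kind: str                                   # audio, video, application
    profile: str                                # transport profile from the m= line
    attrs: dict = field(default_factory=dict)   # attribute name -> list of values


@dataclass
class KeyingReport:
    kind: str
    profile: str
    keying: str                         # PLAIN_RTP, SDES, DTLS-SRTP, DTLS, NO_KEYING
    master_key: Optional[bytes] = None  # set only for SDES (key||salt read from the SDP)
    fingerprint: Optional[str] = None   # set for DTLS-based keying


def parse_sdp(sdp: str):
    """Split an SDP blob into session-level attributes and its m= sections."""
    session_attrs: dict = {}
    sections = []
    current = None
    for raw in sdp.splitlines():
        line = raw.strip()
        if line.startswith("m="):
            kind, _port, profile, *_fmts = line[2:].split()
            current = MediaSection(kind, profile)
            sections.append(current)
        elif line.startswith("a="):
            name, _, value = line[2:].partition(":")
            target = session_attrs if current is None else current.attrs
            target.setdefault(name, []).append(value)
    return session_attrs, sections


def sdes_master_key(crypto_attr: str) -> bytes:
    """Decode the inline master key||salt from an a=crypto value.

    Layout (RFC 4568): <tag> <crypto-suite> inline:<base64>[|lifetime][|MKI:length] ...
    """
    _tag, _suite, key_params, *_rest = crypto_attr.split()
    if not key_params.startswith("inline:"):
        raise ValueError("only inline: key parameters are supported")
    b64 = key_params[len("inline:"):].split("|", 1)[0]
    return base64.b64decode(b64)


def classify(sdp: str) -> list:
    """Return one KeyingReport per m= section."""
    session_attrs, sections = parse_sdp(sdp)
    reports = []
    for s in sections:
        fps = s.attrs.get("fingerprint") or session_attrs.get("fingerprint")
        crypto = s.attrs.get("crypto")
        secure_rtp = "SAVP" in s.profile              # RTP/SAVP, RTP/SAVPF, UDP/TLS/RTP/SAVPF
        sctp = s.profile.startswith("UDP/DTLS/SCTP")  # data channel transport
        if not secure_rtp and not sctp:
            keying = "PLAIN_RTP"                      # forbidden by WebRTC
        elif crypto:
            keying = "SDES"
        elif fps:
            keying = "DTLS-SRTP" if secure_rtp else "DTLS"
        else:
            keying = "NO_KEYING"                      # secure profile, but nothing keys it
        reports.append(KeyingReport(
            s.kind, s.profile, keying,
            master_key=sdes_master_key(crypto[0]) if keying == "SDES" else None,
            fingerprint=fps[0] if keying in ("DTLS-SRTP", "DTLS") else None,
        ))
    return reports


# Constructed sample SDP fragments (not captured from any real session).
SDP_SDES = """v=0
m=audio 9 RTP/SAVPF 111
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwd
"""

SDP_DTLS = """v=0
a=fingerprint:sha-256 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF
m=audio 9 UDP/TLS/RTP/SAVPF 111
a=setup:actpass
m=application 9 UDP/DTLS/SCTP webrtc-datachannel
"""

SDP_PLAIN = """v=0
m=audio 9 RTP/AVP 0
"""

if __name__ == "__main__":
    for name, sdp in (("SDES", SDP_SDES), ("DTLS", SDP_DTLS), ("PLAIN", SDP_PLAIN)):
        for r in classify(sdp):
            print(name, r.kind, r.profile, r.keying,
                  r.master_key.hex() if r.master_key else r.fingerprint)
```

With the DTLS offer, the signaling carries only a certificate fingerprint; the actual SRTP master key is derived inside the DTLS handshake between the two endpoints and never passes through the signaling server, which is the property SDES lacks.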

Compared to running RTP over DTLS, SRTP is more lightweight. However, SRTP leaves the RTP headers (and header extensions) unencrypted; in particular, the audio-level header extension is exposed.
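To make the header exposure concrete, here is an added example (not code from the original note): a constructed SRTP packet carrying an RFC 6464 audio-level header extension, parsed the way an on-path observer without the SRTP key could parse it. SRTP encrypts only the payload and authenticates the packet, so the sequence number, timestamp, SSRC, payload type and the audio-level extension are all readable. The extension id (1) is an assumption; a real session negotiates it via a=extmap in the SDP.

```python
"""Show which RTP fields stay readable on the wire under SRTP.

Added example, not part of the original note. Builds a constructed RTP packet
with an RFC 6464 audio-level extension and parses its cleartext part without
any SRTP key. Only the bytes after the header stay opaque.
"""
import struct
from dataclasses import dataclass
from typing import Optional

AUDIO_LEVEL_EXT_ID = 1          # assumed a=extmap id for urn:ietf:params:rtp-hdrext:ssrc-audio-level
ONE_BYTE_EXT_PROFILE = 0xBEDE   # RFC 5285 one-byte header extension marker


@dataclass
class ExposedFields:
    payload_type: int
    sequence: int
    timestamp: int
    ssrc: int
    voice_activity: Optional[bool]   # V bit of the audio-level extension
    audio_level_dbov: Optional[int]  # 0..127, larger means quieter
    protected_len: int               # bytes that remain opaque without the SRTP key


def parse_srtp_cleartext(pkt: bytes) -> ExposedFields:
    """Parse the unencrypted part of an SRTP packet (header, CSRCs, extensions)."""
    first, pt_byte, seq, ts, ssrc = struct.unpack("!BBHII", pkt[:12])
    if first >> 6 != 2:
        raise ValueError("not an RTP version 2 packet")
    has_ext = bool(first & 0x10)
    csrc_count = first & 0x0F
    offset = 12 + 4 * csrc_count          # the CSRC list is cleartext too
    vad = level = None
    if has_ext:
        profile, ext_words = struct.unpack("!HH", pkt[offset:offset + 4])
        offset += 4
        ext = pkt[offset:offset + 4 * ext_words]
        offset += 4 * ext_words
        if profile == ONE_BYTE_EXT_PROFILE:
            i = 0
            while i < len(ext):
                if ext[i] == 0:               # id 0 is a padding byte
                    i += 1
                    continue
                ext_id, ext_len = ext[i] >> 4, (ext[i] & 0x0F) + 1
                data = ext[i + 1:i + 1 + ext_len]
                if ext_id == AUDIO_LEVEL_EXT_ID and ext_len == 1:
                    vad = bool(data[0] & 0x80)
                    level = data[0] & 0x7F
                i += 1 + ext_len
    return ExposedFields(pt_byte & 0x7F, seq, ts, ssrc, vad, level, len(pkt) - offset)


def build_sample_packet() -> bytes:
    """Constructed packet: V=2, X=1, PT=111, seq 1234, audio level 30 dBov, voice active."""
    header = struct.pack("!BBHII", 0x90, 111, 1234, 160000, 0x12345678)
    ext = struct.pack("!HH", ONE_BYTE_EXT_PROFILE, 1) + bytes([
        (AUDIO_LEVEL_EXT_ID << 4) | 0,   # id 1, length field 0 (= 1 data byte)
        0x80 | 30,                       # V=1, level 30 dBov
        0x00, 0x00,                      # padding to a 32-bit boundary
    ])
    protected = bytes(range(0xA0, 0xB8))  # constructed stand-in for ciphertext + auth tag
    return header + ext + protected


if __name__ == "__main__":
    print(parse_srtp_cleartext(build_sample_packet()))
```

The voice-activity bit and level leak whether and how loudly someone is speaking even though the audio itself is encrypted. RFC 6904 defines an SRTP extension for encrypting header extensions, which closes this particular leak when both endpoints negotiate it; the fixed header fields remain cleartext regardless.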

WebRTC Data Channel is protected by DTLS.