📝WebRTC security

WebRTC media streaming is protected by SRTP. Unencrypted RTP is explicitly forbidden by WebRTC.

SRTP key management mechanism/exchange is not established by WebRTC. Two options are:

• SDES (SDP Security Descriptions for Media Streams)
  • this was first the preferred by WebRTC, but later they changed that
  • for SDES to be secure, signaling must be secured
  • I believe the signaling server knows the key
• DTLS-SRTP
  • DTLS is used to establish the master key and encryption parameters which are then used in SRTP
  • DTLS-SRTP is mandatory to support and should be the default.

Compared to RTP over DTLS, SRTP is more lightweight. However, SRTP exposes headers. In particular, SRTP exposes audio-level.

WebRTC Data Channel is protected by DTLS.