Time for another opinionated post. This time on… end-to-end encryption (e2ee). Zoom apparently claims it supports e2ee while it can not satisfy that promise. Is WebRTC any better? Zoom does not have End to End Encryption Let’s get to the bottom of things fast: Boo Zoom! I reviewed how Zoom’s implements their web client last […]
DTLS-SRTP
WebRTC and Man in the Middle Attacks
WebRTC is supposed to be secure. A lot more than previous VoIP standards. It isn’t because it uses any special new mechanism, but rather because it takes it seriously and mandates it for all sessions. Alan Johnston decided to take WebRTC for a MitM spin – checking how easy is it to devise a man-in-the-middle […]
WebRTC MUST implement DTLS-SRTP but… MUST NOT implement SDES?
As I anticipated in my post on WebRTC standardization, the IETF 87th meeting took place last week in Berlin, Germany. One of the agenda items for WebRTC was whether SDES should be part (and how) of WebRTC. According to the IETF drafts, any WebRTC compliant implementation must support the RTP/SAVPF profile which builds on top of […]