All WebRTC needs to be as secure as a service like ostel.me is a browser extension implementing ZRTP authentication between you and the callee. This approach does not rely on PKI and does not need a server in between caller and callee.
Also the ZRTP authentication string some of you are seeing today in WebRTC is not end-to-end ZRTP it is only the ZRTP fingerprint between the SIP server and a ZRTP compatable SIP client like CSipSimple. Make sense? A -------- Original Message -------- From: Al Billings <[email protected]> Sent: Thu Jan 23 14:12:46 CST 2014 To: liberationtech <[email protected]> Subject: Re: [liberationtech] WebRTC - voice authentication to the rescue "One of the interesting aspects of WebRTC is that it has encryption baked right into it; there's actually no way to send unencrypted media using a WebRTC implementation. The developing specifications currently use DTLS-SRTP keying[1], and that's what both Chrome and Firefox implement.” http://sporadicdispatches.blogspot.com/2013/06/webrtc-security-and-confidentiality.html ------------------------------------------------------------------------ -- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at [email protected]. -- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at [email protected].
