{"id":40141,"date":"2020-05-14T00:00:00","date_gmt":"2020-05-14T00:00:00","guid":{"rendered":"https:\/\/newrcblog.wpengine.com\/security-by-webrtc-or-security-by-obscurity\/"},"modified":"2022-12-30T07:02:31","modified_gmt":"2022-12-30T15:02:31","slug":"security-by-webrtc-or-security-by-obscurity","status":"publish","type":"post","link":"\/us\/en\/blog\/security-by-webrtc-or-security-by-obscurity\/","title":{"rendered":"Security by WebRTC or security by obscurity?"},"content":{"rendered":"

H.323, SIP, XMPP are the most popular and widely known signaling protocols for VoIP and video conferencing. They all can be encrypted and made private per their specification, but none of them mandate encryption. They don\u2019t mandate encryption for the signaling itself and certainly not for the media. This leaves the encryption decisions the people deploying them.<\/p>\n

WebRTC is different in that regard. Encryption is built-in.<\/p>\n

There are three things that make WebRTC such a great solution for the security conscious, and I\u2019d like to point them here.<\/p>\n

1. Usability and low friction<\/h2>\n

In some applications, activating encryption requires admins and hosts to specify certain settings. This adds unnecessary steps to account configuration and meeting scheduling.<\/p>\n

By adopting a WebRTC-based service, attendees are no longer forced to download and install a third party application, admins are not forced to activate encryption at an account level and hosts don\u2019t need to choose whether to have encryption active or not for their meetings.<\/p>\n

WebRTC offers a low friction solution that addresses each of these scenarios without compromising security. How does this work? WebRTC is part of the HTML5 specification and is already part of modern browsers, such as Chrome and Microsoft Edge.<\/p>\n

2. Open standard<\/h2>\n

Open standards are available for scrutiny and testing. The end result is a standard that is continuously analyzed and improved, with information made available to the public when issues are discovered.<\/p>\n

WebRTC takes the open security approach by being a standard specification that makes use of other, previously popular and widely used open standard specifications such as TLS, DTLS and SRTP.<\/p>\n

3. Secure by design<\/h2>\n

With WebRTC, security isn\u2019t optional. It is there intentionally and purposefully.<\/p>\n

Browsers are one of the most popular applications we run on our endpoints today. They undergo a great deal of scrutiny in the public domain, as do the open standards that they make use of.<\/p>\n

To that end, WebRTC makes use of multiple security and privacy mechanisms. These include:<\/p>\n