I am interested in experimenting with
WebRTC data streams as a method of low-latency communication between peers in multiplayer games in the browser, but have read that
WebRTC is always encrypted. From webrtc-security.github.io/
Encryption is a mandatory feature of WebRTC, and is enforced on all components, including signaling mechanisms. Resultantly, all media streams sent over WebRTC are securely encrypted, enacted through standardised and well-known encryption protocols. The encryption protocol used depends on the channel type; data streams are encrypted using
Datagram Transport Layer Security (DTLS)and media streams are encrypted using
Secure Real-time Transport Protocol (SRTP).
It seems odd to me to have encryption so tightly coupled in this way. I can think of contexts where mandatory encryption is a hindrance, like multiplayer gaming where data transferred is non-sensitive and having to encrypt/decrypt data is unnecessary overhead, however small.
WebSockets communication is encrypted further down the stack by
TLS if present, but the option of communicating over plain TCP is available as well.
Am I misunderstanding this or is there a reason why it was decided that all WebRTC communication must be encrypted?
Read more here: Source link