webRTCCopy icon indicating copy to clipboard operation
webRTCCopy copied to clipboard

Published 20 hours ago verified publisher icon erbbysam

OTR Encryption

Open CoinDev opened this issue 10 years ago • 1 comments

You have concluded that the WebRTC Encryption layer is at parity with OTR?

CoinDev avatar Mar 14 '14 21:03 CoinDev

I'm really torn on this topic. Assuming DTLS over webrtc offers PFS, it should be at parity, however, in both cases you are trusting the server (DTLS - for signalling as identity providers has not been standardized yet. OTR - for the server to deliver the JS crypto). I've only removed the OTR functionality from the code that runs on rtccopy.com as an end user shouldn't trust the server to deliver non-compromised OTR JS. The code in this github repo still have that functionality such that an end user could host it themselves (on a trusted server, even if rtccopy.com is still used for signalling, it should be safe). I really need to document this better as there's really no good solution at this time until WebRTC identity servers get standardized or JS crypto can somehow be run in a more secure fashion.

erbbysam avatar Mar 23 '14 19:03 erbbysam