I recently read this on WebRTC security: https://webrtc-security.github.io/
It has one reference to E2EE - end to end encryption.
Can I confirm my summary interpretation with this esteemed group?
Basically, if we start with the assumption that a browser offers a trusted sandbox for video initiation/termination (sender to receiver) - a BIG assumption. Then we apply DTLS and other Web security services we encrypt the channel of communication to lock out MitM.
However this is NOT the same as E2EE as offered by services like Webex or perhaps Whatsapp, because the service providers themselves cannot decrypt the content as they don’t have the keys. Whereas in WebRTC a nation state could demand access to the video content from the service provider by demanding key access.
So for those people worried about state interference WebRTC does not provide E2EE as its “normally” used at the media level (e.g. as Zoom recently got castigated for stating in their platform when in fact all they offered was TLS/SSL…although I realsie WebRTC is better than TLS/SSL alone due to sandboxed end points).
Please comment on my last statement - which i am not sure is correct.