Jitsi e2ee

Hey!

If I understand correctly Jitsi’s video and phone conference are encrypted via DTLS-SRTP passing through the network but are decrypted by the VideoBridge media server (then encrypted again to serve the media to the participants). For that reason, the videobridge server has to be trusted. Is there any work being done to provide that security even at the media server level? Also, have you guys taken a look at sframe?

was announced here. It’s available now on the Jitsi platform and stable version on open source software. It’s still beta but it’s usable.

Interesting, thanks for sharing! Reading it, is it correct to say that phone calls through SIP client are not E2EE since it doesn’t use Insertable Streams?

while I don’t use SIP myself I’d say that it’s likely. Theoretically SIP can be used by dumb POT phones (they still exist) and they are definitely not E2EE capable.

1 Like