TURN server, PERC and security doubts

Hi everyone,

We are building an app for iOS and Android using the Jitsi SDK, so first of all thank you to everybody who has contributed to creating the great Jitsi.

My question is more about security, where I have some doubts: recently I read a lot online about WebRTC and security, and what I've understood is that Jitsi Videobridge is not e2e encrypted but hop-to-hop encrypted, because the media is decrypted on the server before being forwarded to the peers using the integrated TURN server jvb.

Is there any option natively in Jitsi to offer an e2e experience? For example, could there be improvements from using an external TURN server instead of using jvb?
(which, from what I read, is something more complex than just a relay TURN server.)

Also, I have read good things about PERC implementations that should already be in some parts of Jitsi or using extended libwebrtc libraries.

If someone could clear up my ideas about this, maybe it could also be useful for other people here.

Thank you
m.

This is correct.

Not at the moment. A TURN server will just help you traverse NATs, but if you are having a multi-party conference you'll end up in the bridge anyway.

That’s partially correct. The problem is that for something like PERC to work it needs to be implemented by all WebRTC endpoints, and that’s not the case currently. There are ongoing efforts to offer a “per frame encryption API” (sorry, I couldn’t find the documents, but there is the Chromium bug: https://bugs.chromium.org/p/webrtc/issues/detail?id=9681) which would allow applications to bring in their own per frame encryption, likely using a WASM library. With this and frame markings, it will be possible to have E2E encrypted calls while traversing the bridge.

AFAICT that is not ready for user consumption yet.

Hope that helps!
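The idea in the reply above (per-frame encryption plus frame markings letting a bridge forward media it cannot read), as an added conceptual example that is not part of the original post and is not Jitsi or WebRTC code. The one-byte clear header layout, the function names and the sample frame are assumptions made for illustration; it uses Node's built-in `crypto` module rather than any browser API.

```javascript
const crypto = require('node:crypto');

// Assumed layout: 1 clear byte standing in for a frame marking
// (bit 0 = keyframe, bits 1-3 = temporal layer), then the media payload.
const HEADER_LEN = 1;

// Sender: encrypt everything after the clear header with the end-to-end key.
function encryptFrame(e2eKey, frame, counter) {
  const header = frame.subarray(0, HEADER_LEN);
  const iv = Buffer.alloc(12);
  iv.writeBigUInt64BE(BigInt(counter), 4); // must be unique per frame per key
  const cipher = crypto.createCipheriv('aes-256-gcm', e2eKey, iv);
  cipher.setAAD(header); // readable by the bridge, but tamper-evident
  const body = Buffer.concat([cipher.update(frame.subarray(HEADER_LEN)), cipher.final()]);
  return Buffer.concat([header, iv, body, cipher.getAuthTag()]);
}

// Bridge: holds no end-to-end key; decides forwarding from the clear header only.
function bridgeShouldForward(packet, maxTemporalLayer) {
  const isKeyframe = (packet[0] & 0x01) === 1;
  const layer = (packet[0] >> 1) & 0x07;
  return isKeyframe || layer <= maxTemporalLayer;
}

// Receiver: authenticate header and payload, then decrypt. Returns null on failure.
function decryptFrame(e2eKey, packet) {
  const header = packet.subarray(0, HEADER_LEN);
  const iv = packet.subarray(HEADER_LEN, HEADER_LEN + 12);
  const body = packet.subarray(HEADER_LEN + 12, packet.length - 16);
  const decipher = crypto.createDecipheriv('aes-256-gcm', e2eKey, iv);
  decipher.setAAD(header);
  decipher.setAuthTag(packet.subarray(packet.length - 16));
  try {
    return Buffer.concat([header, decipher.update(body), decipher.final()]);
  } catch {
    return null; // wrong key, or header/payload modified in transit
  }
}

// Constructed sample: non-keyframe on temporal layer 2 (header 0b00000100).
const e2eKey = crypto.randomBytes(32); // shared by endpoints only, never the bridge
const frame = Buffer.concat([Buffer.from([0x04]), Buffer.from('constructed media payload')]);
const packet = encryptFrame(e2eKey, frame, 1);
console.log('bridge forwards at layer cap 2:', bridgeShouldForward(packet, 2));
console.log('receiver recovers frame:', decryptFrame(e2eKey, packet).equals(frame));
```

The hop-by-hop transport encryption between each endpoint and the bridge would still wrap this packet; the sketch only covers the inner, end-to-end layer.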

Hi Saghul,

Thank you for your reply, now everything is more clear here.