Vault_Security

SDP is the foundational handshake language of WebRTC. Before two peers can communicate, they must mutually describe their capabilities in a structured plaintext format. An SDP document contains: the media types supported (audio, video, data), the codec preferences in priority order, the network ports available, the encryption fingerprint (a hash of the DTLS certificate), and the ICE credentials (username fragment + password).

The process begins when Peer A creates an "SDP Offer" — a declaration of what it wants to do and what it supports. This offer is transmitted through the signaling server to Peer B. Peer B examines the offer, selects compatible parameters from its own capabilities, and returns an "SDP Answer" — a confirmation and counter-declaration. This two-step exchange is called the "Offer/Answer" model and is derived from the JSEP (JavaScript Session Establishment Protocol) specification.

Once both SDPs are exchanged and applied via setLocalDescription() and setRemoteDescription(), the peers have a shared understanding of the session parameters. No actual media or data flows yet — SDP purely negotiates the terms of the connection.

ICE is the algorithm that discovers how two peers on the modern internet — separated by NATs, firewalls, and carrier-grade routing — can actually reach each other. The internet's wide deployment of Network Address Translation (NAT) means most devices do not have a publicly routable IP address. ICE solves this through a three-tier candidate discovery process.

First, the browser gathers "Host Candidates" — the device's own local IP addresses and ports. These work when both peers are on the same LAN. Second, if a STUN (Session Traversal Utilities for NAT) server is reachable, the browser queries it to discover its "Server-Reflexive Candidate" — the public IP:port that the NAT assigns to outbound connections. This works for most home and office networks with simple NAT configurations.

Third, when symmetric NATs or strict firewalls block the above, a TURN (Traversal Using Relays around NAT) server is used. TURN acts as a media relay — the only case where a server touches your data path. Even then, since the data is DTLS-encrypted before reaching TURN, the relay server cannot decrypt or read any content.

ICE then performs "connectivity checks" — sending STUN binding requests across all candidate pairs — to find the optimal direct path. The winning candidate pair becomes the active transport.

DTLS is the UDP-compatible variant of TLS, adapted for the unreliable, out-of-order packet delivery characteristics of datagram protocols. WebRTC mandates DTLS 1.2 or higher for all data channels — there is no non-encrypted mode.

During the DTLS handshake (which runs after ICE connectivity is established), each peer generates a self-signed X.509 certificate. The fingerprint of this certificate — a SHA-256 hash — was previously embedded in the SDP exchange. Both peers cross-verify these fingerprints during the DTLS handshake, creating a cryptographic binding between the identity established in SDP and the key material being negotiated.

The DTLS handshake uses the standard TLS 1.2 cipher suite negotiation to establish a shared Master Secret. From this, both sides derive symmetric encryption keys using a key derivation function (PRF). The resulting session keys are used for all subsequent AES-256-GCM encryption of channel data.

A critical security property: the DTLS handshake cannot be forged by a man-in-the-middle without controlling the signaling server AND compromising the fingerprint exchange. Since our signaling server only transmits SDP — not the private keys — interception at the signaling layer cannot enable decryption of channel traffic.

While RTCDataChannel uses DTLS directly for data, media streams (audio and video) are transported via SRTP — Secure Real-time Transport Protocol, standardized in RFC 3711. SRTP is a profile of RTP (Real-time Transport Protocol) that adds symmetric encryption and message authentication.

The encryption keys for SRTP are derived from the DTLS handshake using a mechanism called DTLS-SRTP (RFC 5764). The DTLS connection negotiates a shared keying material, which is then fed through a key derivation function to produce separate encryption and authentication keys for each SRTP stream direction (send/receive).

SRTP uses AES in Counter Mode (AES-CTR) for encryption and HMAC-SHA1 for authentication tags on each RTP packet. Each packet includes a Packet Index to prevent replay attacks — an attacker who captures and retransmits a valid encrypted packet will be rejected by the receiver's replay detection window.

ShareLink's data channels do not use SRTP directly (that is reserved for media streams), but understanding SRTP illustrates the layered encryption philosophy of WebRTC: every possible data path is independently secured, with different cryptographic primitives tuned to each transport's latency and reliability requirements.

RTCDataChannel is the WebRTC API that ShareLink uses to transmit messages and files. Underneath the browser API, data channels are implemented on top of SCTP (Stream Control Transmission Protocol) — a transport layer protocol that provides features of both TCP (reliable, ordered delivery) and UDP (unreliable, low-latency delivery), configurable per channel.

SCTP itself is tunneled inside the DTLS connection, so the encryption stack is: RTCDataChannel → SCTP → DTLS → UDP → IP Network. This means data channel messages are encrypted by DTLS before they hit the network.

Each RTCDataChannel is created with configuration options: "ordered" (whether messages arrive in sequence), "maxRetransmits" (how many times to retry lost packets), and "protocol" (an application-level string identifier). ShareLink creates ordered, reliable data channels for text messages and a separate unordered channel optimized for streaming file chunks with lower latency.

The channel emits events: onopen (DTLS handshake complete and channel ready), onmessage (data received from peer), onclose (peer closed or disconnected), and onerror (SCTP-level error). All message payloads — strings or ArrayBuffers — pass through the DTLS encryption layer transparently, requiring no application-level encryption code.

NAT hole punching is the mechanism ICE uses to establish direct peer-to-peer connectivity through Network Address Translation devices. Understanding it reveals why ShareLink can connect two browser clients on different continents without a media relay server in most cases.

When both peers are behind NATs, neither has a stable public address. The hole-punching technique exploits a behavior of stateful NATs: when a device sends a UDP packet from internal address A:portA to external address B:portB, the NAT creates a mapping entry and will forward future packets from B:portB destined to the NAT's external IP to A:portA.

ICE coordinates simultaneous outbound UDP packets from both peers toward each other's Server-Reflexive candidates. If the timing is coordinated (via the signaling server), each outbound packet "punches a hole" in the sender's NAT — creating a mapping that allows the other peer's incoming packets to pass through. When both packets arrive and the NAT mappings are in place, a bidirectional direct channel is established.

This technique, called "simultaneous open," succeeds with most full-cone, restricted-cone, and port-restricted NAT types. Only symmetric NATs — which create different external mappings for each destination — require falling back to TURN relay. Modern ISPs predominantly use port-restricted NATs, making TURN relay necessary in roughly 15-20% of real-world WebRTC connections, according to industry telemetry.