WebRTC
WebRTC (Web Real-Time Communication) is a collection of APIs and protocols that let browsers establish peer-to-peer connections for media streams and arbitrary binary data — without plugins.
Core building blocks
- SDP (Session Description Protocol) — text format describing codecs, transport addresses, and capabilities. Exchanged via signaling (not standardized; often WebSockets or HTTP).
- ICE (Interactive Connectivity Establishment) — gathers candidate IP:port pairs (host, server-reflexive, relay) and tests connectivity.
- STUN — discovers the client’s public address behind NAT.
- TURN — relays media when direct P2P fails (symmetric NAT, strict firewalls).
- DTLS — encrypts SCTP data channels.
- SRTP — encrypts RTP audio/video payloads.
Typical connection flow
- Each peer creates an RTCPeerConnection and adds tracks or data channels.
- One side creates an offer SDP; the other creates an answer.
- ICE candidates are trickled or batched to the remote peer via your signaling server.
- Once ICE completes, media flows directly (or via TURN relay).
Security model
- Media and data are always encrypted (DTLS-SRTP / DTLS over SCTP).
- Signaling must be authenticated — whoever controls signaling can MITM the session.
- TURN credentials should be short-lived; consider credential abuse in billing-sensitive deployments.
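Added example, not part of the original page: one common way to make TURN credentials short-lived is the time-limited scheme supported by coturn's use-auth-secret mode, where the username carries an expiry timestamp and the password is an HMAC-SHA1 over that username. The secret value, user id, and function names below are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import time

# Constructed sample secret; in a deployment it is shared only between the
# service that mints credentials and the TURN server.
SHARED_SECRET = b"constructed-example-secret"


def _password_for(username, secret):
    """password = base64(HMAC-SHA1(secret, username)), returned as bytes."""
    mac = hmac.new(secret, username.encode(), hashlib.sha1).digest()
    return base64.b64encode(mac)


def mint_turn_credential(user_id, ttl_seconds=600, now=None, secret=SHARED_SECRET):
    """Return (username, password); username is "<expiry-unix-time>:<user_id>"."""
    if ":" in user_id:
        raise ValueError("user_id must not contain ':'")
    now = int(time.time()) if now is None else int(now)
    username = f"{now + ttl_seconds}:{user_id}"
    return username, _password_for(username, secret).decode()


def verify_turn_credential(username, password, now=None, secret=SHARED_SECRET):
    """Model of the server-side decision: valid MAC and expiry still in the future."""
    # A real TURN server never receives the password; it recomputes it from the
    # username and checks STUN MESSAGE-INTEGRITY. The accept/reject logic is the same.
    now = int(time.time()) if now is None else int(now)
    expiry_text, sep, _user = username.partition(":")
    if not sep or not (expiry_text.isascii() and expiry_text.isdigit()):
        return False
    # Constant-time comparison: do not leak how many leading bytes matched.
    if not hmac.compare_digest(_password_for(username, secret), password.encode()):
        return False
    return int(expiry_text) > now


if __name__ == "__main__":
    user, pw = mint_turn_credential("alice", ttl_seconds=600)
    # Shape of the iceServers entry the signaling server would hand to the client.
    print({"urls": "turn:turn.example.org:3478", "username": user, "credential": pw})
```

Because the expiry is covered by the MAC, a client cannot extend its own credential, and a leaked credential stops working once the TTL passes without any server-side revocation list.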