[WIP] MSC2359: E2EE VoIP Conferencing #2359
Conversation
A quick WIP sketch of how E2EE SFU VoIP conferencing could work in Matrix
Quoted from the proposal text under review:

* You start off with a normal E2EE matrix room
* All members start a VoIP 1:1 call in a DM with the SFU
* However, the SRTP keys for the media RTP (not RTCP) streams are
@emcho wisely points out that SDP hasn't included SRTP keys in ~10 years, you just get the a=fingerprint line these days, which is a DTLS fingerprint. WebRTC doesn't currently give you a way in-browser to suppress the DTLS handshake and exchange the keys OOB, so there isn't a way to avoid handing the keys to the bridge endpoint. Therefore this proposal is completely flawed.
Hum.
However, discussing further, it turns out that libwebrtc may well provide easy hooks these days to get at the compressed frames and encrypt them before transmit (and vice versa). So you'd keep the DTLS handshake to secure the SRTP stream, but would be transferring e2e-encrypted payloads within the SRTP stream.
Apparently Jitsi is then able to switch the streams around, assuming you packetise them with appropriate metadata, for which there's a spec or RFC somewhere (perhaps from PERC?).
In other words, while this may be impossible in browser, it could be done on Electron (especially with our fancy new build process) - and on the mobile apps, given we control the webrtc version they use.
...it is now no longer impossible in browser, as per https://twitter.com/jitsinews/status/1249682190209896448?s=20
So, our plan now is to integrate to Jitsi much as we do today in Riot, but somehow tracking jitsi's e2ee keys within megolm on the Matrix side. In future we could swap out their XMPP signalling entirely for Matrix and simplify things loads.
I need to update this to describe how it'd work with insertable streams rather than the SRTP keying thinko.
Signal has added encrypted group calls today, it would be great to have it in Matrix as well: https://signal.org/blog/group-calls/
this needs to be completely reworked for insertable streams, plus is about to get obsoleted by native matrix voice/video conferencing, so am going to close it in favour of whatever comes next :)