erbbysam / webRTCCopy

A simple file sharing application using webRTC-data.io
251 stars 45 forks

OTR Encryption #16

Open CoinDev opened 10 years ago

CoinDev commented 10 years ago

You have concluded that the WebRTC Encryption layer is at parity with OTR?

erbbysam commented 10 years ago

I'm really torn on this topic. Assuming DTLS over WebRTC offers PFS, it should be at parity; however, in both cases you are trusting the server (DTLS - for signalling, as identity providers have not been standardized yet. OTR - for the server to deliver the JS crypto). I've only removed the OTR functionality from the code that runs on rtccopy.com, as an end user shouldn't trust the server to deliver non-compromised OTR JS. The code in this GitHub repo still has that functionality such that an end user could host it themselves (on a trusted server, even if rtccopy.com is still used for signalling, it should be safe). I really need to document this better, as there's really no good solution at this time until WebRTC identity servers get standardized or JS crypto can somehow be run in a more secure fashion.
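The signalling trust discussed above comes down to the `a=fingerprint` line in the SDP the server relays, which names the DTLS certificate each peer will accept. The following is an added example, not part of the thread or of the webRTCCopy code: it checks a relayed SDP against a fingerprint the peer supplied over a separate trusted channel. The function names and the SDP text are assumptions constructed for illustration.

```javascript
// Added example. All SDP text and fingerprints below are constructed sample
// data, not captured from rtccopy.com.

// Normalise "hash AA:BB:..." so case and spacing differences do not matter.
function normalise(fp) {
  const [hash, value] = fp.trim().split(/\s+/);
  return hash.toLowerCase() + ' ' + (value || '').toUpperCase();
}

// Collect every a=fingerprint attribute (session- or media-level) in an SDP.
function extractFingerprints(sdp) {
  const found = new Set();
  for (const line of sdp.split(/\r?\n/)) {
    const m = /^a=fingerprint:(\S+)\s+([0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2})+)\s*$/.exec(line);
    if (m) found.add(normalise(m[1] + ' ' + m[2]));
  }
  return [...found].sort();
}

// True only if the SDP carries at least one fingerprint and every one of them
// was confirmed by the peer over a channel the signalling server cannot alter.
function remoteSdpMatches(remoteSdp, trustedFingerprints) {
  const trusted = new Set(trustedFingerprints.map(normalise));
  const seen = extractFingerprints(remoteSdp);
  return seen.length > 0 && seen.every(fp => trusted.has(fp));
}

// Constructed sample: a minimal data-channel offer carrying one fingerprint.
function makeSdp(fingerprint) {
  return [
    'v=0',
    'o=- 1 1 IN IP4 127.0.0.1',
    's=-',
    't=0 0',
    'a=fingerprint:' + fingerprint,
    'm=application 9 DTLS/SCTP 5000',
    'a=setup:actpass',
  ].join('\r\n') + '\r\n';
}

const FP_PEER = 'sha-256 ' + Array(32).fill('A1').join(':');   // peer's real cert
const FP_OTHER = 'sha-256 ' + Array(32).fill('5E').join(':');  // a different cert
const OFFER_AS_SENT = makeSdp(FP_PEER);
const OFFER_AS_RELAYED = makeSdp(FP_OTHER); // fingerprint replaced in transit
```

In a browser the string to check would be `RTCPeerConnection.remoteDescription.sdp`, compared before any file data is sent over the channel.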