Encrypting without key negotiation?
- From: Dave U. Random <anonymous@xxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 24 Jun 2011 11:23:39 +0200 (CEST)
Looking at Google's new WebRTC API I was pleased to see that they're
using AES to encrypt the data stream. However, I can't find any
references to either RSA, DH or ECC for the key negotiation. It looks
like they're sending the key in cleartext over the Internet.
I hope that I'm mistaken. Could someone confirm this?