by gfodor 2351 days ago
This is common and necessary for WebRTC SFUs, which perhaps is why Discord does it to support the least common denominator of their web browser based clients.

Edit: Yep, I thought I remembered reading this. Their voice servers are WebRTC SFUs. So this is basically state-of-the-art when it comes to voice over WebRTC. End to end encryption in WebRTC is not possible if you are using an SFU. https://blog.discordapp.com/how-discord-handles-two-and-half...

4 comments

End to end encryption in WebRTC is indeed possible even if you are using an SFU; this is achieved via Privacy Enhanced RTP Conferencing (PERC).

[1]. https://www.callstats.io/blog/2018/06/01/examining-srtp-doub...

No, it’s not, because PERC is a proposal and is not implemented in any browsers.
That does not mean it isn't possible; the implementation simply has not occurred.
> That does not mean it isn't possible; the implementation simply has not occurred.

You can say that about almost anything.

The question is: is it possible today where it has an impact today in actual browsers today?

Future technology does not matter when there is no implementation.

That’s a pretty unique definition of “possible!”

You can just admit you googled it and didn’t realize it was not something you can do today in browsers, it’s ok :)

You must be new here ;)
Didn't know what an SFU was. https://webrtcglossary.com/sfu/
For convenience:

> SFU stands for Selective Forwarding Unit.

> At times, the term is used to describe a type of video routing device, while at other times it will be used to indicate the support of routing technology and not a specific device.

> An SFU is capable of receiving multiple media streams and then decide which of these media streams should be sent to which participants.

This transport mode is also publicly documented here: https://discordapp.com/developers/docs/topics/voice-connecti...
Why don't SFUs support end-to-end encryption? Is it just a missing feature in the WebRTC protocol or am I missing some fundamental reason?
Yes, it's simply missing in the WebRTC spec. WebRTC defines end-to-end encryption between two peers. But if you want to transmit data to many peers you need a server which is doing the fanout, so the encryption is client1<->server and server<->client2.

This is true for all WebRTC implementations/services. They all state having end-to-end encryption but don't tell you that it means something different in WebRTC contexts.

PERC will solve this one day, but it's sadly just a draft: https://webrtcglossary.com/perc/

As I understand, Discord server doesn't need to do audio processing, all mixing is done on the clients. So it would benefit from the "one-to-many" encryption, because currently it has to decrypt from one p2p connection and to encrypt to several p2p connections when someone talks (which breaks the end-to-end).
Yes, that is what an SFU is, except there is apparently no support for one-to-many end-to-end encryption yet in the WebRTC protocol.
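An added example, not part of the thread and not Discord's or any WebRTC implementation's code: it models the SFU fan-out discussed above (client1<->server, server<->client2) and shows what the server can read with hop-by-hop encryption alone versus with an extra inner layer keyed only by the endpoints, which is the layering idea behind PERC's double encryption. The cipher is a constructed toy stand-in for SRTP, and all names and keys are assumptions.

```python
import hashlib, hmac, os

def _keystream(key, nonce, n):
    # SHA-256 in counter mode: toy keystream standing in for SRTP's AES.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def _xor(data, key, nonce):
    return bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))

def seal(key, plaintext):
    """Encrypt-then-MAC with a fresh nonce (constructed toy AEAD, not for production)."""
    nonce = os.urandom(12)
    ct = _xor(plaintext, key, nonce)
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or tampered packet")
    return _xor(ct, key, nonce)

def sfu_forward(packet, sender_leg_key, receiver_leg_keys):
    """SFU fan-out: terminate the sender's leg, re-encrypt once per receiver leg."""
    seen = unseal(sender_leg_key, packet)  # everything the server can read
    return seen, {r: seal(k, seen) for r, k in receiver_leg_keys.items()}

def conference(frame, e2e_key=None):
    """Alice sends one frame to Bob and Carol through the SFU.
    e2e_key=None is hop-by-hop only; with a key the endpoints add an inner layer."""
    legs = {name: os.urandom(32) for name in ("alice", "bob", "carol")}
    payload = seal(e2e_key, frame) if e2e_key else frame
    packet = seal(legs["alice"], payload)
    seen, fanout = sfu_forward(packet, legs["alice"],
                               {r: legs[r] for r in ("bob", "carol")})
    received = {}
    for r, pkt in fanout.items():
        inner = unseal(legs[r], pkt)
        received[r] = unseal(e2e_key, inner) if e2e_key else inner
    return seen, received

if __name__ == "__main__":
    frame = b"constructed opus frame"
    print("hop-by-hop, SFU sees:", conference(frame)[0])
    print("double,     SFU sees:", conference(frame, os.urandom(32))[0].hex()[:32], "...")
```

The forwarding function is identical in both runs; only the endpoints change, which is why the missing piece is key agreement and client support rather than anything the server does.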