Webrtc
What Is WebRTC?
WebRTC (Web Real-Time Communications) is an open standard that enables browsers and mobile applications to exchange audio, video, and arbitrary data directly with each other through peer-to-peer connections, without requiring the installation of plugins or the use of proprietary software. The standard is defined jointly by the W3C, which specifies the JavaScript API, and the IETF, which defines the underlying communication protocols. Both specifications reached final published status in January 2021, marking WebRTC as a stable, broadly interoperable component of the open web platform. It is supported natively in all major web browsers and many mobile operating systems.
WebRTC draws on a substantial set of pre-existing internet protocols, assembling them into a coherent framework for real-time media: RTP and SRTP for media transport, DTLS for encryption key exchange, SCTP for data channels, and ICE for peer connectivity across network address translation (NAT) devices. Its design goal is that any two WebRTC endpoints should be able to establish a secure, low-latency media session without any specialized network infrastructure beyond what the internet itself provides.
Peer-to-Peer Media Exchange
At the application level, WebRTC exposes browser APIs for capturing audio and video from local devices through the MediaStream interface, then establishing a connection to a remote peer through the RTCPeerConnection interface. Once connected, media tracks flow directly between endpoints, bypassing any central server for the actual media data, which reduces latency and avoids concentrating large amounts of media traffic at a single point. The W3C Recommendation for WebRTC: Real-Time Communication in Browsers defines these APIs in full, specifying how tracks are managed, how capabilities are negotiated, and how the connection state machine operates.
Signaling and Session Establishment
WebRTC deliberately leaves signaling out of scope. The standard defines how peers exchange Session Description Protocol (SDP) offers and answers to negotiate codecs, bitrates, and encryption keys, but it does not prescribe how those SDP messages are delivered between peers before a connection exists. In practice, applications use a signaling channel over WebSocket, HTTP, or a messaging service to deliver SDP and ICE candidate information. The ICE framework then probes candidate address pairs using the STUN protocol and, when direct peer-to-peer connectivity fails due to symmetric NAT or firewall policies, falls back to relaying media through a TURN server. The IETF RFC 8825 overview of real-time protocols for browser-based applications describes how these components fit together as a layered protocol stack.
Security Architecture
Security is built into WebRTC rather than added as an optional layer. All media and data streams are mandatorily encrypted: SRTP carries encrypted audio and video, and DTLS-SCTP secures data channel traffic. Encryption keys are exchanged using DTLS, which authenticates each endpoint and establishes forward-secret session keys per connection. The IETF RFC 8827 on WebRTC security architecture defines the trust model, specifying that the browser enforces the security properties on behalf of the user and that no media can flow without successful DTLS handshake. This design prevents passive eavesdropping and requires active man-in-the-middle infrastructure to intercept communications, even when TURN relay servers are used.
Applications
WebRTC has applications across many real-time communication domains, including:
- Browser-based video conferencing and team collaboration tools
- Customer support chat and video interfaces embedded in websites
- Telehealth consultations connecting patients and clinicians through a browser
- Live streaming with ultra-low latency for interactive audience participation
- Peer-to-peer file transfer and gaming using the RTCDataChannel API