[Nottingham] Jitsi meet encryption/security - Going Virtual!

Martin martin at ml1.co.uk
Sat Apr 4 23:53:01 UTC 2020

Mmmmm, looking further at the Jitsi security, see:


*Are my meetings encrypted? Is encryption end-to-end*

This is something we get asked a lot, so let’s dive into the details:

Jitsi meetings can operate in 2 ways: peer-to-peer (P2P) or via the
Jitsi Videobridge (JVB). This is transparent to the user. P2P mode is
only used for 1-to-1 meetings. In this case, audio and video are
encrypted using DTLS-SRTP all the way from the sender to the receiver,
even if they traverse network components like TURN servers.

In the case of multiparty meetings all audio and video traffic is still
encrypted on the network (again, using DTLS-SRTP). Packets are decrypted
while traversing Jitsi Videobridge; however they are never stored to any
persistent storage and only live in memory while being routed to other
participants in the meeting.

... At the moment WebRTC has no way to negotiate multi-party encryption
over a single connection. Every client sets up a separate crypto context
with the video router, which then has to trans-crypt the data as it
relays it from one client to another.

[Not there yet but how soon?]

... The folks from the WebRTC team are working on providing ... an
additional layer of encryption that would allow apps to add an
end-to-end encryption layer while still allowing SFUs to function. You
can bet we will be all over this as soon as possible.

Meanwhile, I'll test hosting a Jitsi server on my meagre infrastructure
and then test how many connections I can run through it!

Looking around further, Jitsi still looks to be the best option. Unless
anyone has any other ideas?

3D-print a vaccine so we can all meet for real down the pub??!... ;-)


On 04/04/2020 17:00, VM wrote:
> My understanding is that Jitsi Bridge can see the multimedia traffic.
> However, we can host our own server for that, which according to
> opinions on Fediverse is a real resource hog. In that case we'd lose
> telephony connection but gain privacy. If none of the endpoints is
> hacked... :)
> On April 4, 2020 3:36:12 PM UTC, Martin via Nottingham
> <nottingham at mailman.lug.org.uk> wrote:
>> On 04/04/2020 16:20, VM wrote:
>>> It's all Microsoft's fault. It mismanaged Skype so that Zoom
>>> which was never designed to be a critical piece of software
>>> suddenly came under so much scrutiny and expectations.
>> I suspect more that Zoom has merely been opportunistic for some
>> viral Marketing for its free-of-upfront-cost use...
>> (Painful puns R-Us :-P )
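
The hop-by-hop model the FAQ excerpt describes, as an added example that is not part of the original post or of Jitsi's code: each client has its own crypto context with the bridge, which decrypts and re-encrypts every packet, and an extra inner layer keeps the media opaque to the bridge. Assumptions: a toy SHA-256 keystream plus HMAC stands in for DTLS-SRTP, the inner layer is a key shared by the participants out of band, and all names (`Bridge`, `run_meeting`, the participants) are hypothetical.

```python
import hashlib, hmac, os

def keystream_xor(key, nonce, data):
    # Toy stream cipher (SHA-256 in counter mode); a stand-in for SRTP, not for real use.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(b"enc" + key + nonce + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def seal(key, plaintext):
    # Encrypt-then-MAC: packet = nonce || ciphertext || tag
    nonce = os.urandom(12)
    ct = keystream_xor(key, nonce, plaintext)
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, packet):
    nonce, ct, tag = packet[:12], packet[12:-32], packet[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return keystream_xor(key, nonce, ct)

class Bridge:
    # Models the video router: one hop key per client, decrypt then re-encrypt.
    def __init__(self, hop_keys):
        self.hop_keys = hop_keys
        self.seen = []  # what the bridge holds in memory while routing

    def relay(self, sender, packet):
        media = unseal(self.hop_keys[sender], packet)
        self.seen.append(media)
        return {n: seal(k, media) for n, k in self.hop_keys.items() if n != sender}

def run_meeting(frame, e2e_key=None):
    # Returns (what the bridge saw, what each receiver decoded).
    hop_keys = {name: os.urandom(32) for name in ("alice", "bob", "carol")}
    bridge = Bridge(hop_keys)
    payload = seal(e2e_key, frame) if e2e_key is not None else frame
    out = bridge.relay("alice", seal(hop_keys["alice"], payload))
    received = {}
    for name, packet in out.items():
        inner = unseal(hop_keys[name], packet)
        received[name] = unseal(e2e_key, inner) if e2e_key is not None else inner
    return bridge.seen[0], received

if __name__ == "__main__":
    frame = b"constructed video frame"  # constructed sample input
    print("bridge sees media, hop-by-hop only:", run_meeting(frame)[0] == frame)
    print("bridge sees media, with inner layer:", run_meeting(frame, os.urandom(32))[0] == frame)
```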
