There are parameters in the SDP ice-ufrag and ice-pwd, but are they (or any other parameters) really confidential for a secure end-to-end connection, if I can guarantee that the SDP offer / response has not been changed (with a digital signature as an example)?
A use case is a P2P system in which I have the public key of the other side, and I want to make sure that I am really connected to it securely. The other side, however, does not have my public key, and I do not care who I am.
WebRTC and related specifications are too large, so I have not yet found a clear answer to this question (HTTPS is recommended everywhere, but not so much besides), and I have not found an article that discusses WebRTC security from this point of view. Hope someone with deep knowledge of WebRTC can clarify this issue.
The questions that were marked as possible duplicates do not contain any evidence of the origin of the SDP (in the form of a digital signature or in any other way), therefore this question is unique.