Remove SDES key exchange for WebRTC - Chrome Platform Status

Feature: Remove SDES key exchange for WebRTC (removed)

The SDES key exchange mechanism for WebRTC has been declared a MUST NOT in the relevant IETF standards since 2013. The SDES specification has been declared Historic by the IETF. Its usage in Chrome has declined significantly over the recent year. This intent is to deprecate and remove this code from Chromium and WebRTC.

Motivation

The reason why SDES is deprecated is that it is a security problem: It exposes session keys to Javascript, which means that entities with access to the negotiation exchange, or with the ability to subvert the Javascript, can decrypt the media sent over the connection.

Specification

Specification link

Status: Final published standard: Recommendation, Living Standard, Candidate Recommendation, or similar final form

Status in Chromium

Blink components: Blink>WebRTC>Network

Implementation status: Removed (tracking bug)

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

Firefox: Shipped/Shipping
Safari: Shipped/Shipping
Web Developers: No signals

Owner

hta@chromium.org

Comments

Removed in 97 but restored; removed in 98 for all platforms except Fuchsia.

Last updated on 2022-01-21