6
votes

I am currently building a real time video chat healthcare app with opentok api, whose technology is largely built on WebRTC and would like to know how the overall security-aspect is handled.

1

1 Answers

9
votes

In short, yes. All WebRTC media streams are encrypted.

Since WebRTC is a working spec, here is what I currently know as of July 8, 2013.

All webRTC streams are encrypted with 128-bit AES. Whether that is sufficient for HIPAA compliance or satisfy other health and technology requirements would require more research and knowledge about healthcare.

For an updated documentation about security for WebRTC I would look at IETF docs. http://www.ietf.org/rfc/rfc3711.txt
http://www.ietf.org/rfc/rfc5764.txt

Here is the proposed security architecture: http://www.ietf.org/proceedings/82/slides/rtcweb-13.pdf