Signaling
According to the WebRTC standard, all of its components have to support and use encryption. Nevertheless, the standard doesn't describe the signaling mechanism. As you know from Chapter 1, Developing a WebRTC Application, you can use any protocol to provide the signaling mechanism for your application. It can even be an electronic mail or a snail mail. So, there is no standard that would describe the signaling mechanism and protocols for a WebRTC application. Thus, there is no standard that would describe security-related questions in the scope of signaling. Therefore, signaling has to be secure (this is mandatory), but it is totally up to you to make it secure.
In this book, we use WebSocket as a transport for the signaling mechanism in our applications. WebSocket is not a secure protocol by itself. To make it secure, we performed the following additional steps:
Configured HTTPS on the web server.
Configured the WebSocket proxy on the web server.
Made the signaling server listen on...