P2. Signaling protocol
Normative protocol documentation for the current implementation. Not independently audited.
P2.1 Scope
This chapter specifies connection establishment signaling for EnkryptedChat-Profile-v0 when using an online PeerJS-compatible broker over WSS.
Out of scope for v0: QR-based or manual SDP exchange (ch. 3).
P2.2 Roles
| Role | Responsibility |
|---|---|
| Initiator | Peer that opens connection to remote peerId |
| Responder | Peer that accepts incoming connection |
| Broker | Relays signaling messages; semi-trusted (ch. 2) |
P2.3 Signaling sequence
P2.4 Normative requirements
- Signaling MUST use TLS (WSS) in production.
- The broker MUST NOT be assumed to protect application message plaintext (it does not receive cascade ciphertext except as opaque SDP/ICE side channels).
- Peers MUST treat broker compromise as signaling MITM risk until channel binding exists (future work).
- After data channel `open`, peers MUST run the crypto handshake in P3 before sending `type: "message"` with `encryptedMessage` unless encryption is disabled for debugging.
P2.5 Peer ID
- Generated client-side; opaque string used as broker address.
- Not a cryptographic identity key.
- Collision resistance is probabilistic; no global registry.
P2.6 STUN/TURN (transport adjunct)
ICE candidates may traverse STUN/TURN as defined by WebRTC. TURN policy is product-configurable (ch. 3). TURN is not part of the JSON PDU catalog.
P2.7 Signaling vs data channel
| Traffic | Channel | Format |
|---|---|---|
| SDP, ICE | Broker (PeerJS) | PeerJS protocol |
| Application PDUs | WebRTC data channel | JSON UTF-8 (P4) |
No application type from P4 is sent over the signaling broker in v0.
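
One way a client could enforce the P2.4 ordering rule and the P2.7 channel separation on its outbound path. This is an added example, not code from the EnkryptedChat implementation; `OutboundGate`, `State`, `debugPlaintext` and the callback names are hypothetical, and the P3 handshake is represented only by a completion callback.

```javascript
// Added example; all names are hypothetical, not EnkryptedChat identifiers.
const State = Object.freeze({
  SIGNALING: "signaling",       // SDP/ICE still in flight via the broker
  CHANNEL_OPEN: "channel-open", // data channel open, P3 handshake pending
  SECURED: "secured",           // P3 handshake finished
});
class OutboundGate {
  // debugPlaintext models "encryption is disabled for debugging" (P2.4).
  constructor({ debugPlaintext = false } = {}) {
    this.state = State.SIGNALING;
    this.debugPlaintext = debugPlaintext;
  }
  onDataChannelOpen() {
    if (this.state === State.SIGNALING) this.state = State.CHANNEL_OPEN;
  }
  // Call once the P3 handshake has finished; P3 itself is not modelled here.
  onHandshakeComplete() {
    if (this.state !== State.CHANNEL_OPEN) {
      throw new Error("handshake requires an open data channel");
    }
    this.state = State.SECURED;
  }
  // Returns the JSON text to write to the data channel, or throws.
  serialize(pdu) {
    if (this.state === State.SIGNALING) {
      throw new Error("no application PDU before the data channel is open");
    }
    if (pdu.type === "message" && !this.debugPlaintext) {
      if (this.state !== State.SECURED) {
        throw new Error('P3 handshake must complete before type "message"');
      }
      if (pdu.encryptedMessage === undefined || pdu.encryptedMessage === null) {
        throw new Error('type "message" requires encryptedMessage');
      }
    }
    return JSON.stringify(pdu);
  }
}

// Constructed walk-through: the same PDU before and after the handshake.
function demo() {
  const gate = new OutboundGate();
  const msg = { type: "message", encryptedMessage: "<constructed ciphertext>" };
  gate.onDataChannelOpen();
  let early = "sent";
  try { gate.serialize(msg); } catch (e) { early = "blocked"; }
  gate.onHandshakeComplete();
  return { early, late: gate.serialize(msg) };
}
```

PDUs other than `type: "message"` pass once the channel is open, so the handshake itself can run over the data channel.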
P2.8 Compromised broker
A malicious or compromised broker can:
- Observe Peer IDs and connection timing (social graph metadata).
- Perform signaling MITM on SDP/ICE unless peers verify out-of-band or channel binding is added (future work).
A broker cannot (in the v0 architecture):
- Read cascade ciphertext (not carried on signaling).
- Inject application handshake PDUs (those use the data channel only).
Peers SHOULD use WSS with certificate validation in production. See ch. 9 threat model and ch. 8 deployment.
P2.9 Future signaling authentication (informative)
Roadmap options (not normative in v0/v1): broker API token, mutual TLS on signaling. No implementation deadline is specified in this specification.