Thursday, October 24, 2019

Episode 95: WebRTC with Sean DuBois

We are sponsored by audible!

We are on Patreon!


Join us on Discord!

WebRTC with Sean DuBois

  • Making changes to a language itself
  • How do people connect using WebRTC?
  • What is WebRTC?
  • What are options for using WebRTC in your app?
  • NAT traversal
  • WebRTC security and identification
  • The challenges of WebRTC
  • Dealing with latency and packet loss
  • Sending data reliably
  • How did Sean get into WebRTC?
  • Tips for getting a job in coding
  • How to contribute to Pion
Pion project:
Pion Twitter:


  1. Regarding your wish to tie a Twitter identity to the DTLS authentication step, I think you could in principle do that using TLS-SRP:

    SRP is a fascinating protocol for establishing *bidirectionally* that two peers in an exchange know a given secret (like a password) without either side revealing it to the other and without either side having to hold the secret in durable storage. Think zero-knowledge proofs meets hashed-and-salted passwords.

    The reason you can use SRP for this is that one of the things that falls out of the math is a random session key. (This means SRP is one of a class of algorithms called a password-authenticated key exchange, PAKE.) TLS-SRP uses that session key as its encryption key.

    Getting all of this to work over DTLS instead of TLS/TCP and then getting Twitter to support TLS-SRP over DTLS for proof of identity is an exercise left to the reader. :)

    Another difficulty is that there are several flavors of SRP, and each implementation you find online tends to speak only a subset of them, often just one. You end up needing to dig pretty far into the math to figure out which particular flavor a given library on GitHub uses so you can figure out whether it will speak to some other library, as when your client and server are written in different programming languages. (e.g. C++ back-end with JS front-end.) If one library pads the password out with nulls to 256 bits prior to doing a given math step and the other doesn't, for example, you'll never get the two libraries to agree to the knowledge proof.

    This site helps with all of that:

    Incidentally, if you've ever wondered why so many web sites these days are asking for the user name / email separately from the password when we were all trained to ask for both at once and then on login failure give a vague error that doesn't reveal which lookup failed, the user name or the password, use of SRP is one possible reason: SRP uses two message exchanges, one carrying the user name, the other carrying the secret knowledge verification, so it *has* to either verify the existence of the user first or at least pretend to do so.

    1. I am glad that I saw this post. It is informative blog for us and we need this type of blog thanks for share this blog, Keep posting such instructional blogs and I am looking forward for your future posts. Python Projects for Students Data analytics is the study of dissecting crude data so as to make decisions about that data. Data analytics advances and procedures are generally utilized in business ventures to empower associations to settle on progressively Python Training in Chennai educated business choices. In the present worldwide commercial center, it isn't sufficient to assemble data and do the math; you should realize how to apply that data to genuine situations such that will affect conduct. In the program you will initially gain proficiency with the specialized skills, including R and Python dialects most usually utilized in data analytics programming and usage; Python Training in Chennai at that point center around the commonsense application, in view of genuine business issues in a scope of industry segments, for example, wellbeing, promoting and account. Project Center in Chennai

  2. Regarding multicast, there's an important detail that didn't come up in the conversation, which is that consumer-grade network switches don't do anything special with it, so that multicast is basically the same thing as broadcast on most small LANs.

    Then on professional-grade networking gear, there's a handful of technologies for doing intelligent things with IGMP, the protocol that manages multicast IP groups, but they're usually disabled by default, and when blindly enabled, often don't do everything you want it to do until you configure the services to match your local needs.

    The bottom line is that very few networks are properly configured for the most efficient use of IGMP and/or multicast, even at the high end.

    The worst of them all is the Internet, which basically drops multicast at the border, which is a shame, because the protocol was created to allow Internet-wide efficient transmission of shared data streams. It could have allowed us to get to a Tivo over the Internet world, where my DVR announces at 7pm on Sundays that it wants to receive, which my cable Internet company maps to NBC, so it gets a copy of the live NBC feed at that moment until it stops responding to IGMP query packets which basically ask, "Do you still want to receive this?" An hour later, when the show is done streaming, my DVR could send an IGMP group-leave packet, causing my ISP to stop sending me this traffic.

    Instead, multicast is usually blocked at the Internet border gateways, so we're all having to pull redundant copies of each TV show on demand from Netflix, Prime, etc., which is why TV and movies are now the majority of the traffic on the Internet, and these companies are having to do back-room deals with the likes of Comcast to get VoD servers embedded in their regional data centers.

    It could have all been multicast, but no....this is why we can't have nice things. :(

  3. Wow! What an excellent article!!! It is very helpful for me. I’ve learnt a lot of things from this post, thank you. If anyone wants to learn more you can also visit

  4. I’d should seek advice from you here. Which isn’t something It’s my job to do! I enjoy reading a post that may get people to believe. Also, thanks for permitting me to comment!

  5. I really enjoy reading and also appreciate your work.
    data science course

  6. I am impressed by the information that you have on this blog. It shows how well you understand this subject.
    data analytics course
    big data analytics malaysia
    big data course

  7. Nice post, keep it up.
    Hope you are well in the current situation.
    seo malaysia

  8. Good article! Check out

  9. 먹튀검증 These are in fact impressive ideas in on the topic of blogging.
    You have touched some nice things here.

  10. 토토사이트추천 Pretty! This has been an incredibly wonderful article. Many thanks for providing this info

  11. 온라인카지노 These are genuinely enormous ideas in regarding blogging .

  12. Yes! Finally someone writes about web store. bookmarked! 온라인카지노

  13. I am glad to discover this page. I have to thank you for the time I spent on this especially great reading !! I really liked each part and also bookmarked you for new information on your site.
    Data Science Training in Chennai

  14. i am glad to discover this page : i have to thank you for the time i spent on this especially great reading !! i really liked each part and also bookmarked you for new information on your site.
    cyber security training in bangalore

  15. While looking for articles on these topics, I came across this article on the site here. As I read your article, I felt like an expert in this field. I have several articles on these topics posted on my site. Could you please visit my homepage? 우리카지노

  16. We absolutely love your blog and find almost all of your post’s to be just what I’m looking for. Does one offer guest writers to write content for you personally? I wouldn’t mind publishing a post or elaborating on a number of the subjects you write with regards to here. ufa slot

  17. I saw your article well. You seem to enjoy 바카라검증사이트 for some reason. We can help you enjoy more fun. Welcome anytime :-)

  18. I feel like I'm becoming a genius because there are so many good writings in the world.토토사이트추천

  19. What a perfect place to be.먹튀검증업체 I'm glad I got a lot of information.