For WebRTC peers, what domain is DTLS used for negotiation? I am puzzled. There seems to be no relevant attribute definition in the SDP. Is it the domain where the web page is located?
WebRTC doesn’t use a certificate authority. No domains are involved. With WebRTC the authenticity that you get from PKI is just replaced with certificate fingerprints.
Each side generates a certificate and then shares the fingerprint in the Session Description (Offer/Answer). After the DTLS handshake is complete it makes sure that the certificate exchanged was the same.
How DTLS actually works is explained in WebRTC for the Curious#Securing a bit more.
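The fingerprint check described in the answer above, as an added example that is not part of the original post and not code from any WebRTC stack: it parses `a=fingerprint` lines out of a Session Description and compares them with the hash of the certificate seen in the handshake. The function names, the sample SDP and the stand-in certificate bytes are constructed, and accepting only SHA-2 hashes is a policy assumption of this sketch.

```python
import hashlib
import hmac

# Hash names accepted in a=fingerprint; limiting to SHA-2 is this example's policy assumption.
ALLOWED = {"sha-256": hashlib.sha256, "sha-384": hashlib.sha384, "sha-512": hashlib.sha512}

def format_fingerprint(algo, der_cert):
    """Build the a=fingerprint line a peer would advertise for its own certificate."""
    digest = ALLOWED[algo](der_cert).digest()
    return "a=fingerprint:%s %s" % (algo, ":".join("%02X" % b for b in digest))

def parse_fingerprints(sdp):
    """Return [(algo, digest_bytes)] for every a=fingerprint line, session or media level."""
    found = []
    for line in sdp.splitlines():
        line = line.strip()
        if not line.lower().startswith("a=fingerprint:"):
            continue
        algo, _, hexpairs = line.split(":", 1)[1].partition(" ")
        try:
            found.append((algo.lower(), bytes.fromhex(hexpairs.strip().replace(":", ""))))
        except ValueError:
            found.append((algo.lower(), b""))  # malformed value can never match
    return found

def certificate_matches_sdp(sdp, der_cert):
    """True only if the handshake certificate hashes to a fingerprint signalled in the SDP."""
    for algo, expected in parse_fingerprints(sdp):
        hasher = ALLOWED.get(algo)
        if hasher is None or not expected:
            continue  # unsupported or malformed entry: skip it, fail closed if nothing matches
        if hmac.compare_digest(hasher(der_cert).digest(), expected):
            return True
    return False

# Constructed sample data: stand-in bytes for DER certificates, not real X.509.
PEER_CERT = b"constructed-der-bytes-of-remote-peer-certificate"
OTHER_CERT = b"constructed-der-bytes-of-a-different-certificate"
REMOTE_SDP = "\r\n".join([
    "v=0", "o=- 0 0 IN IP4 127.0.0.1", "s=-", "t=0 0",
    "m=application 9 UDP/DTLS/SCTP webrtc-datachannel", "a=setup:actpass",
    format_fingerprint("sha-256", PEER_CERT),
]) + "\r\n"

if __name__ == "__main__":
    print(certificate_matches_sdp(REMOTE_SDP, PEER_CERT))   # certificate of the signalled peer
    print(certificate_matches_sdp(REMOTE_SDP, OTHER_CERT))  # any other certificate
```

The comparison is only as trustworthy as the signalling channel that carried the SDP, since whoever can rewrite the Offer/Answer can swap the fingerprint along with it.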