SDES stands for Security Descriptions for Media Streams.
SDES was an earlier key exchange mechanism for SRTP that passed encryption keys directly in the SDP using a=crypto attribute lines. SDES was explicitly banned from WebRTC in favor of DTLS-SRTP.
Why SDES was banned
SDES has a fundamental security flaw: the SRTP keys are carried in the SDP in plaintext. This means any entity that can observe the signaling messages (the signaling server, network intermediaries) can decrypt the media. This violates WebRTC’s security model.
DTLS-SRTP solves this by negotiating keys through an encrypted DTLS channel, ensuring that only the endpoints know the media encryption keys.
SDES outside WebRTC
SDES is still used in some traditional SIP/VoIP deployments where the signaling channel is trusted (e.g., within an enterprise network). When a WebRTC gateway bridges to such systems, it may need to convert between DTLS-SRTP (WebRTC side) and SDES (SIP side).
