SRTCP stands for Secure Real-time Transport Control Protocol.
SRTCP is the secured version of RTCP, providing the same confidentiality, message authentication, and replay protection that SRTP provides for media data. While SRTP encrypts the actual media packets (audio and video), SRTCP encrypts the control messages that accompany those media streams.
In WebRTC, SRTCP is mandatory. It travels alongside SRTP and uses the same encryption keys negotiated via DTLS-SRTP. The control messages carried by SRTCP include sender reports, receiver reports, and other feedback mechanisms that help endpoints monitor session quality and adjust transmission parameters accordingly.
SRTCP is defined alongside SRTP in IETF RFC 3711.
Why SRTCP matters in WebRTC
Without SRTCP, control messages would be sent in the clear, potentially leaking metadata about the call such as participant counts, quality metrics, and timing information. By encrypting these control messages, WebRTC ensures that even the metadata about a session remains private.
