Cloudflare has implemented end-to-end encryption (E2EE) to its video calling app Orange Meets and open-sourced the solution for transparency.
The application has been available since last year when the internet giant launched it as a demo for Cloudflare Calls (now Realtime).
With the introduction of E2EE and the resolution of various trust and verification issues, users interested in strong cryptographic assurances can explore Orange Meets as a foundation for secure video calling in research or prototyping contexts.
E2EE encryption design
Orange Meets implements end-to-end encryption using Messaging Layer Security (MLS), an IETF-standardized group key exchange protocol.
The Rust-based implementation of MLS on Orange Meets enables continuous group key agreement, which supports secure group key exchange, forward secrecy, post-compromise security, and scalability.
The encryption is handled entirely on the client side using WebRTC, so Cloudflare or the Selective Forwarding Unit (SFU) acts as forwarding intermediaries that do not have access to sensitive communication data.
Orange Meet topology
Source: Cloudflare
Cloudflare has also introduced a "Designated Committer Algorithm" that handles dynamic group membership changes (user joins/leaves a video call) securely.
... continue reading