A browser client can accept a RTC connection from any other client. The connection is established using a offer/answer model. It is good model surely but how can i understand if the offer contains the properties of connection i m expecting? The problem seams in particular about data channels. In SDP protocol for now there is no information about the count/identifiers of datachannels …. so a bad client could send a offer for 100000 datachannels when the other peer was expecting 1 datachannel. Same problem in renegotiation of offer/answer. For my opinion it was better to introduce a more adavanced security management in the native RTC model instead to leave to develop it by web developer.