Interesting technique!<p>Do I understand it correctly that offer and ICE candidates are already exchanged and processed <i>before</i> the callee accepts the call? Isn't it quite risky that data received from the network (an SDP offer that needs to be parsed) is passed directly to a gigantic and complex C++ codebase (WebRTC) without any user interaction? This increases the attack surface enormously and also makes vulnerabilities like CVE-2019-17191 possible.<p>(One option how to avoid this would be to cache offer and candidates for unknown contacts, and only process them once a call is accepted...)