This review is for the benefit of the Security AD's. Nobody else should read this. Or, if you read it, treat it as any other last call review :) I know very little about WebRTC, AVT, etc. I thought Section 1.2, summary of the alternatives, was great. I wish more documents did this kind of thing. And similar for all of section 2. The details in Section 3 about how to comply seem very clear. If I were implementing this, I could use easily use this as a checklist and test suite. Section 3.19 is the most important one for transport security. Not knowing the operating environments, it seems reasonable. The security considerations seems a little scant, given the opportunity for privacy concerns of participants and for intruders to disrupt calls. Is it common that the mixer is a trusted entity? A statement on that either way would be useful.