My understanding is that the signaling server could be used as the perfect place to perform a MITM attack. The README does not mention how Berb addresses this concern at all.
Oh I would love some more details if you think that's the case. With Berb only two clients can connect really. So let's say you somehow guess a peer ID, which is very tough, and connect to a random user. You can technically send a file but they can easily ignore it since they didn't initiate the transfer. That being said, I can definitely add a way to verify the file is legit like the suggestion in the reply with hashes.
Should users trust the signaling server? IIRC, the signaling server can easily intervene in the SDP offer/answer so that it can intercept user files or instruct users to send files wherever it wants.
Oh I see what you are saying. Yeah I guess if we didn't know what the signalling server was doing, that would be a valid argument. But in my case we can see the server code is pure and simple. Unless you mean there's a bug that allows an attacker to do that?
Either way, would love to know your thoughts on improving trust with this.
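
One way to detect the SDP tampering raised in this thread, as an added example that is not part of the discussion and not Berb's code: each peer derives a code from the DTLS certificate fingerprints in its local and remote SDP, and the two users compare codes over a channel the signaling server does not control. The function names are hypothetical, the SDP bodies and fingerprints are constructed, and the script assumes Node.js so it runs offline; in a browser the two SDP strings would come from `RTCPeerConnection.localDescription.sdp` and `remoteDescription.sdp`.

```javascript
const { createHash } = require("node:crypto");

// Collect the DTLS certificate fingerprints (a=fingerprint lines) from an SDP blob.
function fingerprints(sdp) {
  const found = new Set();
  for (const line of sdp.split(/\r?\n/)) {
    const m = /^a=fingerprint:(\S+) ([0-9A-Fa-f:]+)\s*$/.exec(line);
    if (m) found.add(`${m[1].toLowerCase()} ${m[2].toUpperCase()}`);
  }
  if (found.size === 0) throw new Error("SDP carries no a=fingerprint line");
  return [...found].sort().join(",");
}

// Code that both users compare over a channel the signaling server does not
// control (voice call, in person). Sorting the two sides makes the result the
// same for offerer and answerer. 128 bits are kept: a much shorter code is
// easier to make collide, which would defeat the comparison.
function verificationCode(localSdp, remoteSdp) {
  const sides = [fingerprints(localSdp), fingerprints(remoteSdp)].sort();
  const hex = createHash("sha256").update(sides.join("|")).digest("hex");
  return hex.slice(0, 32).match(/.{4}/g).join("-");
}

// Constructed sample data: minimal SDP bodies with made-up fingerprints.
const fakeFp = (byte) => Array(32).fill(byte).join(":");
const sdpWith = (byte) =>
  ["v=0", "s=-", "t=0 0", `a=fingerprint:sha-256 ${fakeFp(byte)}`, "a=setup:actpass"]
    .join("\r\n") + "\r\n";

const aliceSdp = sdpWith("A1"); // generated by Alice's browser
const bobSdp = sdpWith("B2");   // generated by Bob's browser
const relaySdp = sdpWith("EE"); // swapped in by a signaling server that rewrites SDP

// Honest signaling: each side sees the other's real fingerprint.
function honestCodes() {
  return { alice: verificationCode(aliceSdp, bobSdp), bob: verificationCode(bobSdp, aliceSdp) };
}

// Rewritten signaling: each side sees the relay's fingerprint as "remote".
function tamperedCodes() {
  return { alice: verificationCode(aliceSdp, relaySdp), bob: verificationCode(bobSdp, relaySdp) };
}

console.log("honest  ", honestCodes());   // both codes identical
console.log("tampered", tamperedCodes()); // codes differ, users should abort
```

Reading the server's source does not replace this check, because the comparison covers whatever server instance actually relayed the offer and answer.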