The project it's in its early stages. There isn't anything as formal as a protocol yet. That is also why there isn't good documentation about it... The best I have for your question is:

https://positive-intentions.com/docs/research/authentication

Users can selfhost the frontend and backend independently. When creating a profile, you can set it to use your own peerjs-server (set preferences)

The frontend is only run as client-side JavaScript. There isn't a step to "set up clients".

Thanks. I want to also investigate if YJS could also fit into the app.

https://www.reddit.com/r/cryptography/comments/1bs7slv/help_me_understand_postquantum_cryptography/

Sorry to redirect to Reddit. I'm new to Lemmy.

Tldr; there are several approaches to this issue. In the case of webapps, relying on the offering from the browser should be enough.

I'm also investigating if wasm could also be a way to introduce real-world-entropy to key generation (because I noticed it isn't possible to seed the browser key generation)

There is a lot to be fixed throughout but file transfer and video calls should be working if you try out the live app.

The app is a active work in progress. I try to make this clear in my post. Any "protocol" being used, is subject to change as I make improvements.

You raise some good points about rotating keys and forward secrecy. These are things I will be including, but the app is far from finished.

Maybe this helps a bit (I know it's not what you want, but it's the best I got at the moment without diving into the code): https://positive-intentions.com/docs/research/authentication/

It's similar to matrix in many ways. The key difference is with mine it's is purely browser based. Unlike traditional solutions like matrix where you have a (self)hosted server, mine does not require things like registration or installation.

I'm using peerjs-server. I'm also investigating other ways to achieve peer discovery which itself could be quite a discussion.

An understandable view. Not sure what you mean by lengthy, but I can confirm my app is not well documented. If the MDN docs count, its a fairly thin wrapper around the functionality provided by the browser of your choice.

https://github.com/positive-intentions/cryptography/blob/staging/src/stories/components/Cryptography.tsx

I'm using webpack 5 module federation to import that file at runtime. Perhaps over-engineered, but it's so I can keep the crypto functionality maintained separately. That repo is in need of more attention for things like unit tests, but the crypto implementation there is pretty basic.