Ideally I would not have to trust the signalling server to ensure I'm transferring files to who I think I am[0]. Not as much of a knock against your project as a knock against webRTC in general.
Has anyone considered a passphrase that splits into three words, where the middle server can decrypt one word and deliver a word and get a response then provide the whole phrase three words to prove it is the messenger that Bob sent?
[0]: https://webrtchacks.com/webrtc-and-man-in-the-middle-attacks...