On Sun, 9 May 2004, Eugen Leitl wrote:

> Not only that: NATted agents cannot be "called" unless they first register
> with some reflector on the open Internet. And centralized reflectors are,
> again, easy to attack, and also expensive to operate, as the bandwidth
> requirements are substantial (all the traffic flows through them): see
> e.g. John Walker's analysis of the reasons that led him to abandon
> SpeakFreely at http://www.fourmilab.ch/speakfree/ .
>
> Thomas Shaddack suggested to leverage on Jabber, but:
>
> 1. Jabber uses TCP as transport, and therefore can't be efficiently used
> as transport for telephony, i.e. using encapsulation of the voice packets
> in the Jabber protocol in order to traverse NAT devices.

Oh! There is a little misunderstanding here! I proposed using Jabber for the presence/location/directory thing, and for negotiation between the clients about what method to use, if they can do direct peer-to-peer call or have to use a reflector (and what one), what cipher and key to use, etc. - the Jabber protocol is rather unsuitable for VoIP.

> 2. Jabber is based on a client-server paradigm similar to e-mail. Running
> a Jabber server requires an always-on machine with its own domain name;
> and, although dynamic DNS can help, the model again tends to be
> hierarchical, easy to attack etc. That pretty much rules it out also for
> session initiation, directory/presence etc.

That's true - but it can be implemented with relative ease, with lots of infrastructure already existing. Next generation of the system then can be built atop this.

> The beauty of Skype, encryption aside, is that it's based on an overlay
> network solely based on P2P servents, relies (if their FAQ tells the
> truth) upon NO central registry for presence and directory services, and
> each client that runs non-NATted can transparently act as reflector
> supporting NATted users. Plus, all this (including, besides voice,
> text-based instant messaging) works with zero configuration with an
> idiotproof UI.

But it's closed-source and so can't be fully trusted :(