[Security] TLS Certificates Verification (summary)
Dave Cridland
dave at cridland.net
Wed Aug 20 05:50:02 CDT 2008
On Wed Aug 20 11:24:54 2008, Johansson Olle E wrote:
>
> 20 aug 2008 kl. 12.08 skrev Dave Cridland:
>
>> On Wed Aug 20 07:37:32 2008, Johansson Olle E wrote:
>>> 3) Clients may be behind NAT, so even a client-to-client direct
>>> session may need help from a server (proxy). This will have to be
>>> considered.
>>
>> This is a non-issue - we have Jingle, so we have the ability to
>> negotiate various channels, at least one of which (IBB) will work
>> through any amount of NATs and firewalling, albeit at a cost of
>> efficiency and ugliness. Really, this whole debate about IBB vs
>> NATs vs whatever is immaterial; we have Jingle specifically to
>> solve all these problems, and it passes the buck to ICE-TCP et al
>> to solve the tricky cases.
> After spending many years with SIP and NAT traversal, I know that
> we will still need NAT traversal proxys, ICE/STUN is just a
> discovery service. And considering a possible future with IPv4 and
> IPv6, there will be proxys there too. Any solution has to work
> with an unknown or wellidentified point in the middle.
>
>
For the record, I'm saying that we, here, don't need to care at all
about NAT traversal because this problem is either solved, or else
needs to be solved by Jingle and not by us and not here.
Dave.
--
Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at dave.cridland.net
- acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
- http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
More information about the Security
mailing list