[Security] TLS Certificates Verification (summary)

Dave Cridland dave at cridland.net
Wed Aug 20 05:50:02 CDT 2008


On Wed Aug 20 11:24:54 2008, Johansson Olle E wrote:
> 
> 20 aug 2008 kl. 12.08 skrev Dave Cridland:
> 
>> On Wed Aug 20 07:37:32 2008, Johansson Olle E wrote:
>>> 3) Clients may be behind NAT, so even a client-to-client direct    
>>> session may need help from a server (proxy). This will have to be  
>>>   considered.
>> 
>> This is a non-issue - we have Jingle, so we have the ability to   
>> negotiate various channels, at least one of which (IBB) will work   
>> through any amount of NATs and firewalling, albeit at a cost of   
>> efficiency and ugliness. Really, this whole debate about IBB vs  
>> NATs  vs whatever is immaterial; we have Jingle specifically to  
>> solve all  these problems, and it passes the buck to ICE-TCP et al  
>> to solve the  tricky cases.
> After spending many years with SIP and NAT traversal, I know that  
> we  will still need NAT traversal proxys, ICE/STUN is just a  
> discovery  service. And considering a possible future with IPv4 and  
> IPv6, there  will be proxys there too. Any solution has to work  
> with an unknown or  wellidentified point in the middle.
> 
> 
For the record, I'm saying that we, here, don't need to care at all  
about NAT traversal because this problem is either solved, or else  
needs to be solved by Jingle and not by us  and not here.

Dave.
-- 
Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at dave.cridland.net
  - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
  - http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade


More information about the Security mailing list