[Standards] Proposed XMPP Extension: STUNServerDiscovery forJingle

Scott Ludwig scottlu at google.com
Sun Mar 25 19:06:51 UTC 2007


The client should not allocate relay sessions via the xmpp server. It
makes it difficult to scale relay load across data centers, and more
difficult to choose the relay server with the lowest latency for that
client.

The client should discover the dns name of the relay server over XMPP,
and discover an authentication token for allocating a session from the
relay server, using a mechanism similar to the stun server discovery.

Then the client should resolve the dns name, which will allow the
client to discover the closest relay server ip address geographically,
for minimal latency and good load distribution.

On 3/25/07, Thiago Camargo <thiago at jivesoftware.com> wrote:
> Yes, OpenFire now can act as a STUN Server, but not as a TURN Server.
>
> "While there are no security problems with Binding requests, publically available
> TURN servers can be used by non-xmpp software as anonymous proxies."
>
> That's exactly what we are trying to prevent using XMPP Server to negotiate Relay Sessions for clients. In other words, clients don't have direct access to request a Relay Session from Relay Server.
> User should ask a relay Session from its XMPP Server and receive everything it needs directly from XMPP Server. In this case XMPP Server should authenticate and allocate a relay session in a Relay Server, and send all the information like IP Addresses, port numbers, and password to clients.
>
> Regards,
> Thiago
>
> -----Original Message-----
> From: standards-bounces at xmpp.org [mailto:standards-bounces at xmpp.org] On Behalf Of Matt Tucker
> Sent: domingo, 25 de março de 2007 11:44
> To: XMPP Extension Discussion List
> Subject: RE: [Standards] Proposed XMPP Extension: STUNServerDiscovery forJingle
>
> I didn't propose a public TURN server. Yes, that would be a crazy idea.
> :) STUN is a somewhat special case because it requires two public IP
> addresses from the server. Openfire can now act as a STUN server, but
> the two IP address requirement makes that a bit of a setup burden.
>
> Regards,
> Matt
>
> > -----Original Message-----
> > From: standards-bounces at xmpp.org
> > [mailto:standards-bounces at xmpp.org] On Behalf Of Evgeniy Khramtsov
> > Sent: Sunday, March 25, 2007 1:47 AM
> > To: XMPP Extension Discussion List
> > Subject: Re: [Standards] Proposed XMPP Extension: STUN
> > ServerDiscovery forJingle
> >
> > Matt Tucker wrotes:
> >
> > > * Should we run a public STUN server at xmpp.org
> > >
> >
> > I think this is not a good idea :) While there are no
> > security problems with Binding requests, publically available
> > TURN servers can be used by non-xmpp software as anonymous proxies.
> >
>



More information about the Standards mailing list