On Sun, 9 May 2004, Eugen Leitl wrote:
Not only that: NATted agents cannot be "called" unless they first register with some reflector on the open Internet. And centralized reflectors are, again, easy to attack, and also expensive to operate, as the bandwidth requirements are substantial (all the traffic flows through them): see e.g. John Walker's analysis of the reasons that led him to abandon SpeakFreely at http://www.fourmilab.ch/speakfree/ .
Thomas Shaddack suggested leveraging Jabber, but:
1. Jabber uses TCP as transport, and therefore can't be efficiently used as transport for telephony, i.e. using encapsulation of the voice packets in the Jabber protocol in order to traverse NAT devices.
Oh! There is a little misunderstanding here! I proposed using Jabber for the presence/location/directory thing, and for negotiation between the clients about what method to use, if they can do direct peer-to-peer call or have to use a reflector (and what one), what cipher and key to use, etc. - the Jabber protocol is rather unsuitable for VoIP.
2. Jabber is based on a client-server paradigm similar to e-mail. Running a Jabber server requires an always-on machine with its own domain name; and, although dynamic DNS can help, the model again tends to be hierarchical, easy to attack etc. That pretty much rules it out also for session initiation, directory/presence etc.
That's true - but it can be implemented with relative ease, with lots of infrastructure already existing. The next generation of the system can then be built atop this.
The beauty of Skype, encryption aside, is that it's based on an overlay network solely based on P2P servents, relies (if their FAQ tells the truth) upon NO central registry for presence and directory services, and each client that runs non-NATted can transparently act as reflector supporting NATted users. Plus, all this (including, besides voice, text-based instant messaging) works with zero configuration with an idiotproof UI.
But it's closed-source and so can't be fully trusted :(