-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 12/15/2014 02:58 PM, Carlos E. R. wrote:
On 2014-12-15 23:38, John Andersen wrote:
What I doubt is this nonsense about not having to register with a service. You can not magically just find a remote IP address to route your video connection to, without a third party. And THAT is where the attack comes in.
It is true, there is no registration. Mozilla has a welcome link, or whats new on this version, that explains it (I don't have it or I'd post it). You send the other party a temporary link to yourself, hosted somewhere, yes, but without registration. Similar to pastebin sites, you do not need registration.
I guess the server role is only to find one another, the video is peer 2 peer.
Nope, it can't be that simple. It is necessary that there be a third party somewhere with the ability to eavesdrop. Picture this: Carlos sits behind (at least one) Nat-Router-firewall and sends jsa a link to connect. I try to connect, but run smack into carlos's firewall. The usual firewall piercing technologies is therefire required. Carlos connects to some (possibly distributed) bridge site, then sends jsa an invite, and I try to connect to this bridge site. The bridge matches the two connections, and sends my video to Carlos. But Carlos still can not connect directly to me, even after we have a working two way connection via the bridge, because I too am behind (at least one) nat-firewall-router. We have no other choice but to pass video through this common bridge. This is skype revisited. (Before microsoft routed all connections through their servers such that they could choose to make any of them tap-able by US authorities with a simple piece of paper. Best possible situation is that YOU and I are using some form of private key encryption with the keys never shared with the bridge. - -- After all is said and done, more is said than done. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iEYEARECAAYFAlSPavsACgkQv7M3G5+2DLKEjwCdHSdKBgTi5727OO46IxktKFZ0 fCEAoIX7mTxAZPCgEvNE8YfYP3nR0ouq =+aiI -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org