On 12/16/2014 08:58 AM, Carlos E. R. wrote:
On 2014-12-16 17:29, James Knott wrote:
On 12/16/2014 11:21 AM, James Knott wrote:
Incidentally, it's not just browsers. It's an open protocol supported by W3C and IETF and can be implemented in other applications. So, you could have a video phone app on your smart phone that uses WebRTC. It's a means of getting away from proprietary protocols, such as Skype, or relying on a server, where the NSA etc., can get their paws on your conversations. Even if they intercepted your call somewhere on the Internet, they'd still have to break the encryption that's part of the spec. Compare that with regular SIP voice over IP calls, where encryption is generally not used.
And SIP is also peer to peer. The signaling goes via a server, at least initially, to find one another. Then the conversation can go directly end to end, no intermediary, or indirectly, via a host server; Asterisk does this, but not for traversing firewall and NAT, because it is done also intranet; it is done as a codec conversion service, so that both sides, even when using different codecs, can talk (I'm thinking of hardware VoIP phones which cannot easily get new codecs).
Firewall/NAT traversal is done with the help from STUN servers.
http://en.wikipedia.org/wiki/STUN
That direct conversation happens is obvious when you set up the whole thing yourself, and the server simply does not have the internet pipe to hold all the bandwidth of the simultaneous conversations it handles. Being a private setup, you control it fully.
Did you even read your own linked article???

The STUN protocol allows applications operating behind a network address translator (NAT) to discover the presence of the network address translator and to obtain the mapped (public) IP address (NAT address) and port number that the NAT has allocated for the application's User Datagram Protocol (UDP) connections to remote hosts. The protocol requires assistance from a third-party network server (STUN server) located on the opposing (public) side of the NAT, usually the public Internet.
....
If both peers are located in different private networks behind a NAT, the peers must coordinate to determine the best communication path between them. Some NAT behavior may restrict peer connectivity even when the public binding is known. The Interactive Connectivity Establishment (ICE) protocol provides a structured mechanism to determine the optimal communication path between two peers. Session Initiation Protocol (SIP) extensions are defined to enable the use of ICE when setting up a call between two hosts.
.....

There isn't much magic in STUN, it essentially just returns the IP and port it was connected via. If the SIP/voice/video can go direct, it will. But for you sitting behind your NAT trying to talk to me sitting behind my NAT there will be a third party involved. This service is provided by TURN servers.

http://en.wikipedia.org/wiki/Traversal_Using_Relays_around_NAT

STUN by itself cannot provide a complete solution for NAT traversal. A complete solution requires a means by which a client can obtain a transport address from which it can receive media from any peer which can send packets to the public Internet. This can only be accomplished by relaying data through a server that resides on the public Internet. This specification describes Traversal Using Relay NAT (TURN), a protocol that allows a client to obtain IP addresses and ports from such a relay.
So Carlos: YES the server DOES have the pipes to hold all the conversations, because there are a bazillion TURN servers sitting out there in the world, all supplied by SIP providers and Google itself. Google (but not Mozilla) has more bandwidth than God. And because it is dispersed in data centers throughout the world there is no bottleneck. And because it is at least encrypted to some level, there is not much point in the police even asking for a wiretap.

Side note: Use of UDP vs TCP is totally incidental to the issue here. STUN/ICE/TURN can all use TCP as well as UDP. UDP contains no magic. It's a much more primitive transport.

--
After all is said and done, more is said than done.