[jitsi-users] Re: Jitsi security


#1

Hi Emil,

> > However I dream of a communicator having no central authority, no
> > central servers.
>
> Well ... you can get that by running your own XMPP server. The XMPP
> world is federated and there is no main XMPP server.

Could you please elaborate on this?
Does it mean that when logged in to one XMPP
server, I'm visible on all XMPP servers?

Another question, about the data connection.

Once the connection between two (jitsi) clients
is established (people talk and see each other),
does the data go from client to server and
then get forwarded to the other client, or are the
clients connected directly?

It would be nice, in the p2p sense, to integrate
a "mini server" in jitsi and connect the clients
to each other without any server in the middle.

Not only for security, but also for performance.

Does it make sense?

Thanks,

bye,

--

piergiorgio


#2

> It would be nice, in the p2p sense, to integrate
> a "mini server" in jitsi and connect the clients
> to each other without any server in the middle.

Then someone has to deal with NAT, hole punching, and port forwarding.

> Does it make sense?

Somewhat, but with the direct connection you have to configure the port
forwarding if hole punching does not work.
With encrypted messages and end-to-end encryption you could have the
security without the hassle and only have
to carry your id file if you want to use another computer.

Jitsi has "Off the Record" [1] with it; for Pidgin and some other messengers
you could get it as a plugin. Off the Record gives you
the end-to-end encryption.

Sadly, Jitsi has only implemented the manual fingerprint verification, not
the shared secret or challenge/response that
comes with the Pidgin plugin.

Bye
Carsten

[1] http://www.cypherpunks.ca/otr/index.php


#3

Hi Carsten,

[...]

> Then someone has to deal with NAT, hole punching, and port forwarding.

Of course, but I was wondering if there's another
possibility. For example, keeping the server login,
using the information from both clients in order
to set up a p2p connection.

> Somewhat, but with the direct connection you have to configure the port
> forwarding if hole punching does not work.

That's clear, but as I mentioned above, what about
using the server only for the setup, and then
letting the data flow in p2p fashion?

> With encrypted messages and end-to-end encryption you could have the
> security without the hassle and only have
> to carry your id file if you want to use another computer.

Yep, but I was wondering about performance too.

I mean, how much can a server scale given audio/video
traffic from several clients?

bye,

On Mon, Jul 02, 2012 at 07:41:58PM +0200, singub+all@gmail.com wrote:

--

piergiorgio