[Cryptography] peering through NAT
jamesd at echeque.com
Sat May 11 05:03:52 EDT 2019
On 2019-05-11 13:06, Christian Huitema wrote:
> But then, having a unique stable address/identifier for each device has some pretty nasty privacy implications. It is not hard to find privacy advocates who believe that Carrier Grade NAT is great, because it lets people hide.
On reflection, the best solution would be a peer-to-peer system where
each peer has a public key, some peers have accessible ports and can be
accessed by any peer, messages percolate from peer to peer, and the
messages can propose a STUN rendezvous: a peer that wants a direct
connection with another peer behind a NAT nominates a time and an IP
port, and at the appointed time, both peers fire off UDP packets to each
other on that port.
This, however, requires a reliability and bandwidth throttling mechanism
on top of UDP, an SSL-like layer on top of UDP. A number of libraries
contain such mechanisms, but the mechanism tends to be connected to lots
of things, and I have not been happy with any of them that I have looked
at. You just want a monkey, and get the entire jungle.
By and large, VoIP does go through UDP with a throttling mechanism, but
the libraries that provide this are not small and generic, but rather
special purpose: they expect you to use the entire library in the
intended way for the intended purpose, and using it in a different way
needs a rewrite. The GameNetworkingSockets library sort of provides a
UDP reliability and throttling layer, though it is a bit broken at the
moment, and is thinking about providing this with STUN. But integrating
STUN with the GameNetworkingSockets library seems to need a lot of
inside knowledge of the GameNetworkingSockets library.
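The rendezvous step described in the post (nominate a time and a UDP port, then both peers fire at once) as an added, self-contained example; this is not code from the post, from the cryptography list, or from GameNetworkingSockets. It uses only the Python standard library and runs both peers on the loopback address, so it demonstrates the timing and ordering of the exchange but does not traverse a real NAT: on a real network the outbound probe is what creates the NAT mapping that lets the peer's inbound probe through. The port numbers, probe format, and `PUNCH` marker are constructed for the example. The reliability and throttling layer the post says is still needed on top of UDP is deliberately not included.

```python
import socket
import threading
import time

HOST = "127.0.0.1"  # assumption: both peers on loopback, so no NAT is actually in the path


def make_peer_socket():
    """Bind a UDP socket to an ephemeral port; that port is the one 'nominated' to the peer."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((HOST, 0))
    return sock


def punch(sock, remote, fire_at, attempts=3, spacing=0.05, timeout=2.0):
    """Wait until the appointed time, then send probes and wait for the peer's probe.

    Sending first is what opens the NAT mapping on a real network; a few spaced
    probes tolerate small clock drift between the two sides. Only a datagram that
    comes from the expected remote address and carries the probe marker counts, so
    a stray packet on the port cannot be mistaken for the peer.
    Returns (payload, sender) on success, or None on timeout.
    """
    delay = fire_at - time.monotonic()
    if delay > 0:
        time.sleep(delay)
    my_port = sock.getsockname()[1]
    payload = b"PUNCH %d" % my_port       # constructed probe format for this example
    sock.settimeout(spacing)
    deadline = time.monotonic() + timeout
    sent = 0
    while time.monotonic() < deadline:
        if sent < attempts:
            sock.sendto(payload, remote)
            sent += 1
        try:
            data, sender = sock.recvfrom(1500)
        except socket.timeout:
            continue
        if sender == remote and data.startswith(b"PUNCH "):
            return data, sender
    return None


def rendezvous(lead_time=0.2):
    """Simulate the proposal: nominate a fire time and both ports, then both peers fire.

    Returns a dict with the nominated ports and each side's punch() result.
    """
    a, b = make_peer_socket(), make_peer_socket()
    port_a, port_b = a.getsockname()[1], b.getsockname()[1]
    fire_at = time.monotonic() + lead_time  # the nominated time, shared by both peers
    results = {"port_a": port_a, "port_b": port_b}

    def run(name, sock, peer_port):
        results[name] = punch(sock, (HOST, peer_port), fire_at)

    threads = [
        threading.Thread(target=run, args=("a", a, port_b)),
        threading.Thread(target=run, args=("b", b, port_a)),
    ]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    a.close()
    b.close()
    return results


if __name__ == "__main__":
    outcome = rendezvous()
    print("peer a got:", outcome["a"])
    print("peer b got:", outcome["b"])
```

In a real deployment the proposal (time, IP, port) would travel over the percolating peer-to-peer channel and be bound to the proposing peer's public key, and the sockets would then need the reliability, ordering and rate-limiting layer the post describes before carrying application data.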