Re: [Ekiga-list] People using Ekiga behind a http proxy ?



On Tuesday 13 January 2009 at 22:44 +0100, michel memeteau wrote:
> On Tue, Jan 13, 2009 at 9:00 PM, Ed <Ekiga 0x1b com> wrote:
>         >>
>         http://wiki.ekiga.org/index.php/Ekiga_behind_a_NAT_router#Using_Ekiga_through_a_http_proxy
>         >
>         > It's binary only and it's proprietary (patent pending)...
>         >
>         
>         
>         and therefore useless AFAIAC
>         
>         does an advert belong in that location on the Wiki?
>         
>         The correct venue to acquire the gift from our government of
>         privileges for your intangible asset is the Copyright system -
>         patents
>         are inappropriate for semantic works of any kind.
>         link sent to:
>         http://endsoftpatents.org/
>         http://dotank.nyls.edu/communitypatent/
> 
> Whoa. Calm down. I never said realtunnel was open source, everybody
> knows that, advertise for a "standard" proprietary solution to
> tunnel SIP traffic so people can use Ekiga is a far better solution
> for me than saying " ask your admin to change the router .... " 
> 
> In the same manner we advert on the wiki for proprietary SIP software
> in order to improve interop.... 

Ouch, it seems the guiltiness falls on my shoulders; as I'm the one who
wrote the page about interop in the wiki. Still, I could drop the hot
potato to someone else, deeper involved in the project. I won't. And I
hope everybody will understand why this is the wrong way to do so.

Let's clarify some points, and I speak here on my own, still all
relevant people involved in Ekiga are listening ;)

* I wish the world were perfect, i.e. no useless struggles between people.
It's clearly not the case. There is struggle everywhere. Whatever you
do, you get involved in it, and worse, it judges you because you have to
take sides. You cannot say you're like Robinson on his island only
dealing with your pal Friday. What concerns me is people urging you to
take sides between some principles (and I agree they're good) and some
people. Principles versus people is wrong. It is a mistake to take
some principles from a theory and turn them into a Dogma. Why? Because
reality, from the point of view of humanity, is mostly a creation. Even
the time where we could say Mother Nature was out of reach and we could
take some principles out of it is gone. We can play with nature,
transform it at the DNA level, change so many things in it etc. We are
the species which can transform the world, while other species mostly
just adapt themselves or die. Any Dogma is against evolution, just as
if we had reached perfection. This is something to consider, at any level,
including the software field. Why did RMS create the LGPL? As a tool in
the struggle, because there are parts of the software field where we are
strong enough to lead, and there are parts where we are weak; there are
parts where we can be offensive - directly stand up in front of the enemy,
and there are parts where we have to be defensive - indirectly trying to
influence the move of the enemy. Struggle is a kind of game where the
goal is to influence the enemy to make him move in the direction best
for you. You can either do it by means of destruction, e.g. using the
GPL, where you destroy the enemy force by replacing it with your own
force, or by means of reinforcement of your own position to push
the enemy into a position you consider best for you; using his own force
to make him fall. A Dogma will most probably fail in struggle because it
implies the enemy's moves are all taken care of by the Dogma, as if all
the enemy's moves can be pre-calculated without any mistake, any surprise.
Principles cannot be more than just guidelines for the warriors.
Struggle is more an art than a science.

* As supporters of free software, we stand up for freedom. We are used to
saying free as in free speech, thus we consider any human worth enough to
give him all necessary knowledge/tools to get involved in our struggle to
free people, while proprietary software will try to make people
dependent. The proprietary software RealTunnel(tm) from Paradial is
patented and binary only. But the technologies it relies on to do the
job are either standards (in the sense of IETF: STUN, TURN, ICE, VPN,
etc.) or HTTP tunneling which is non-standard but is already found in
e.g. wengophone. This implies Paradial's position is rather weak, and IMHO
explains why this software is free as in free beer. Paradial is not
leading, still they try to explain they are. Let's see how.

The main argument of Paradial, except the connectivity, is security.
See:
http://www.paradial.com/storage/Elements/Paradial-FW-NAT-Whitepaper.pdf
Of course, they do not explain how binary-only software can be
trustworthy. Leading encryption software is released in the form of
source code for code auditing/review by peers, e.g. PGP. This is
something people taking sides for free software say most of the time.
Free software is more secure because design and implementation are
known.
Paradial's security argument is that their software can be used without any
change to the NAT network (which is the technical issue to get
connectivity). They claim actual NATs, firewalls and routers are mostly
used for security reasons and as their software can work with them as
they are, their software is part of the security policy. Thus it is not
only good for connectivity, it is safer than other solutions.
We _must_ break this argument down. Why?

1- It is true actual NATs, firewalls and routers are often designed with
security in mind. We might even consider the worst NATs for VoIP (symmetric
NATs), which totally break VoIP connectivity, are the most secure. The
issue here is that this equipment was not designed with security _and_
VoIP in mind. This is the result of a misery at the level of internet
standards. There are still no standards for the internet to get VoIP
standards like SIP and NATs/routers/firewalls to work together. As a
result of this situation, NAT designers are free to design security as
they want and it is just a mess for VoIP. While Paradial is claiming
they are the solution, standards of the internet are fortunately
improving and work is going on to define a standard for NAT and VoIP
interoperability.
see:
http://www.ietf.org/html.charters/behave-charter.html
The explicit purpose of this IETF working group is to define a set of
standards to have interoperability between NATs and VoIP at the internet
level.
If one compares the job of this IETF working group and the job of
Paradial, one should agree the right solution for connectivity in the
VoIP field is defining standards, not taking the actual broken internet
for granted like Paradial claims. And as Paradial does use so many
standards from the IETF, it is almost impossible to consider this
company is not aware of this work in progress. Paradial is just taking
advantage of the actual broken internet, just like Skype is doing. If
Paradial can get their software and SDK widely used, they will hold
back the spread of the new standards for NATs and VoIP interoperability.
Their actual defensive position - giving their software for free (as in
free beer) and providing an SDK to implement in VoIP clients - is quite
clever. They reinforce their position in the hope of moving main VoIP
actors into dependency.

2- On the one hand, the very high level of complexity to bypass actual NATs,
as proven by the 9 (!) different techniques Paradial uses, implies the
effort to secure the network is more prone to failure. Moreover, as many
NATs are not designed to support VoIP through an established standard
and as Paradial software is designed to still bypass the security
policy, it can be considered as a hole in the security policy, just
like Skype can be considered too. On the other hand, the IETF is working
to simplify this level of complexity by making clear for NAT designers
how to integrate VoIP communications in their equipment. A good
security policy is established when all components are working hand in
hand. Paradial strategically takes for granted in their marketing
communication that this will not happen.
Free software supporters always ask for specifications, for knowledge of
how things work, and we are not satisfied until we have control over
all components, especially to make them work great all together. This
improves security and opens fields for innovation.

3- Paradial agrees some of the techniques they use for the worst case
scenarios do have a cost on the VoIP communication quality. This is
especially true for the HTTP tunneling. While the idea to provide a SIP
proxy/TURN server in the private LAN is quite clever in some scenarios,
this requires quite a high level of expertise to install, thus is not the
target of users in our wiki when we advertise for this solution. We can
agree, most people using Paradial software will use the HTTP tunneling,
thus they will not get Ekiga's capabilities at its best. It is not quite
clear to me if the client they provide can play the role of an HTTP
server, but even if it is the case, you most probably need the Paradial
client on both sides, as Ekiga won't understand the HTTP stream on the other
side. Thus if we want this to really improve connectivity for all our
users, we probably should ask all of them to install the Paradial
client, just in case someone will try to contact them using the HTTP
tunnel. If someone will just use Ekiga to contact only a few people they
can just all install the Paradial client, still this is something to
clarify in the wiki. Thus people in need of this solution will get worse
communications and lower security on both sides as explained above. Most of
the efforts put in the wiki page are to help people configure their
network to get the best quality. Still, I do agree some people can't
change their network settings. If one considers the implication of
advertising for Paradial client to really get connectivity in all
scenarios, this is quite the same as asking for partnership with this
company, and will show _we_ failed doing good connectivity on our own,
while the issue is at a higher level: at the internet level as explained
above. But why should we lose the battle, when there are people doing
a good job on our side?

* Most of the job done by Paradial was to use internet standards (STUN,
TURN, ICE, VPN, etc.), add their own hack in the HTTP tunneling
form, and pack it all together with a GUI. (Plus the ability to have
their VoIP proxy in front of the LAN). We do have people coding free
software for all those technologies, we even have some code for HTTP
tunneling in the wengosoftphone (well, we probably lack the server
part). We can take advantage of that. This means some work to find how
good existing solutions from free software are, how to integrate, etc. We
might lack enough resources to properly do the job, still there are
resources.

* Paradial, like Skype, shows there is a conflict between improving the
internet for VoIP and holding it back for profit and expertise on badly
hacking internet. As Ekiga has always stood for standards, promoting
solutions like Paradial client without explaining why connectivity
fails, means shooting ourselves in the foot. At least, we should explain why
solutions like Paradial client or Skype exist, and why it is just
a matter of time before they fall into oblivion. We can play a role to
make this fall happen sooner, either by promoting/helping free software
solutions using standards, or by giving people the knowledge of why
actual times are bad for VoIP connectivity. e.g. I will not buy a router
which is VoIP unfriendly, if my corporate environment is not VoIP
friendly, I will ask the admin to change the policy etc.


> 
> My question was more : does it work for you ? if it doesn't I won't
> advertise, but I've heard it was. 

To summarise, my point is not to find out if Paradial client does work
or fail, my point is to show the world even if Paradial client does a
good job for connectivity, it is historically determined. History is
going forward, the sooner the need of solutions like Paradial client or
Skype will fall, the better for freedom. I hope we all agree on this.

Deciding if we should advertise for the Paradial solution in the wiki is
just a matter of strategy. This is something we should all discuss. And
not using Dogma. Please.

Fact is we are weak in the field of connectivity if compared with e.g.
Skype. This is a well-known fact. Even if it concerns a few people, it
directly impacts our reputation.

Why improve the connectivity now? Should we wait for standards? Is the
cost worth it?

Best regards,
Yannick


