[jdev] Re: Google DNS SRV records
Rory
rory at ipster.org
Sat Aug 27 14:05:32 CDT 2005
On Sat, Aug 27, 2005 at 08:28:43PM +0200, Remko Troncon wrote:
>
> On 27 Aug 2005, at 19:58, Rory wrote:
>
> >You could run proxies inside firewalls that might be knowledgeable
> >about HTTP tunneling.
>
> You always look at this from the viewpoint of a network
> administrator. If you have no control over the network you are in
> (i.e. you are not an admin), and the only thing you can do is make a
> tunnel to the outside world, then you need to be able to override the
> host detected by your protocol. This is why, if you do not allow this
> in a client, you will never be able to use that client on the network
> you are working in.
>
You're right, I do always look at this from a network
administrator viewpoint or at least I try to.
What I'm getting at here is division of labour. I don't
think that an XMPP client should be expected to know how to
use HTTP tunneling to get through a firewall to speak to an
XMPP server listening on a particular IP on the other side.
I don't think it should be the responsibility of every XMPP
client/library to provide this functionality. However, I do
believe there is a case to be made for saying the client
should be able to talk to an XMPP proxy that will do the
tunneling for them. There is nothing to stop a user from
running a XMPP proxy that knows how to tunnel via HTTP
on their own box on a port above 1024 (and perhaps below
on windows - I don't know).
It's simply the UNIX philosophy - keep tools small, cohesive
and with a capability of using one another.
Rory
More information about the JDev
mailing list