
"A STUN server is still used to find out your external IP for NAT-busting."

Essentially, now the STUN is the MITM. The STUN server lies to both parties about what their IP addresses are and responds with IPs that it controls. Both parties connect to those IPs and the messages are relayed between them.




This is incorrect. Once data starts to flow, DTLS is used to encrypt the connection and verify each peer's identity. If the STUN server attempts to MITM, it will be detected.


Maybe I'm reading your comment wrong (if so, sorry!), but that sounds like a race condition to me.
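The DTLS identity check mentioned in the thread, sketched as an added example that is not part of any comment: in WebRTC each peer puts a hash of its DTLS certificate in an `a=fingerprint` line of its SDP (RFC 8122), and the other side compares it with the certificate actually presented in the handshake. This assumes the SDP travels over a signaling channel the STUN server does not control; the function names and the certificate bytes are constructed for illustration.

```python
import hashlib
import hmac

# SDP hash names (RFC 8122) mapped to hashlib names; anything else is refused.
SDP_HASHES = {"sha-256": "sha256", "sha-384": "sha384", "sha-512": "sha512"}

def parse_fingerprints(sdp):
    """Return [(hash_name, digest_bytes)] for every a=fingerprint line."""
    found = []
    for line in sdp.splitlines():
        line = line.strip()
        if not line.lower().startswith("a=fingerprint:"):
            continue
        parts = line.split(":", 1)[1].split()
        if len(parts) != 2:
            continue  # malformed attribute
        try:
            digest = bytes.fromhex(parts[1].replace(":", ""))
        except ValueError:
            continue  # non-hex value
        found.append((parts[0].lower(), digest))
    return found

def peer_cert_matches(sdp, cert_der):
    """True only if the handshake certificate hashes to a fingerprint in the SDP."""
    for name, expected in parse_fingerprints(sdp):
        algo = SDP_HASHES.get(name)
        if algo is None:
            continue  # unknown or weak hash: never accept
        actual = hashlib.new(algo, cert_der).digest()
        if hmac.compare_digest(actual, expected):
            return True
    return False  # no usable fingerprint, or mismatch: abort the session

def sdp_fingerprint(cert_der):
    """Build the a=fingerprint line a peer would advertise (helper for the demo)."""
    h = hashlib.sha256(cert_der).hexdigest().upper()
    return "a=fingerprint:sha-256 " + ":".join(h[i:i + 2] for i in range(0, 64, 2))

# Constructed stand-ins for DER-encoded certificates.
ALICE_CERT = b"constructed-der-bytes-for-alice"
RELAY_CERT = b"constructed-der-bytes-for-relay"
ALICE_SDP = ("v=0\r\nm=application 9 UDP/DTLS/SCTP webrtc-datachannel\r\n"
             + sdp_fingerprint(ALICE_CERT) + "\r\n")

if __name__ == "__main__":
    print("direct peer:", peer_cert_matches(ALICE_SDP, ALICE_CERT))
    print("relay terminating DTLS:", peer_cert_matches(ALICE_SDP, RELAY_CERT))
```

The comparison runs when the DTLS handshake completes, before application data is accepted, and a relay that only forwards packets without terminating DTLS sees ciphertext.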



