Hmm. Seems like all traffic goes through a central proxy server.
Shouldn't it be possible to use the central server only for hole-punching and implement a TCP-over-UDP connection so that the clients can directly communicate with each other? (And don't the major browser vendors already have public NAT-hole-punchers for WebRTC?)
"Hmm. Seems like all traffic goes through a central proxy server."
My first thought.
Also, the server and code may be secure; the weakest point is a person. cf: "You can share the Session URL with a colleague in your organization. Assuming that your colleague has access to teleport.example.com proxy, she will be able to join and help you troubleshoot the problem on "db" in her browser." ~ http://gravitational.com/teleport/docs/quickstart/