> Because of firewall network address translation (NAT) issues, rendezvous protocols generally require that there be at least one unblocked and un-NATed server that lets the peers locate each other and initiate concurrent packets at each other.
So probably can't help with a VPC unless you pierce a hole for it.
I guess this makes sense, since by design this shouldn't be possible.
The point of the intermediate server is so that you can NAT hole punch, otherwise it has little point (except maybe as a relay, which is a bad solution).
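The rendezvous step discussed above, as an added simulation that is not magic-wormhole's code nor anything posted in this thread. It models two peers behind separate port-restricted NATs and one un-NATed server: the server learns each peer's public endpoint from the translated source address of a registration packet, hands each peer the other's endpoint, and the peers then send to each other concurrently. All addresses, port numbers and the NAT behaviour are constructed assumptions for the example.

```python
"""Simulated UDP hole punching via a rendezvous server (constructed example).

The NAT model is endpoint-independent mapping with address-and-port-restricted
filtering.  Addresses come from the RFC 5737 documentation ranges.
"""
from dataclasses import dataclass

Addr = tuple  # (ip, port)


@dataclass
class Packet:
    src: Addr
    dst: Addr
    payload: str


class Nat:
    """One public port per private socket; inbound traffic is admitted only
    from a remote endpoint that the private socket has already sent to."""

    def __init__(self, public_ip: str):
        self.public_ip = public_ip
        self.next_port = 40000
        self.mapping = {}     # private addr -> public port
        self.reverse = {}     # public port  -> private addr
        self.allowed = set()  # (public port, remote addr) opened by outbound packets
        self.hosts = {}       # private addr -> Host

    def outbound(self, pkt: Packet) -> Packet:
        if pkt.src not in self.mapping:
            self.mapping[pkt.src] = self.next_port
            self.reverse[self.next_port] = pkt.src
            self.next_port += 1
        port = self.mapping[pkt.src]
        self.allowed.add((port, pkt.dst))  # this packet "opens" the NAT for pkt.dst
        return Packet((self.public_ip, port), pkt.dst, pkt.payload)

    def inbound(self, pkt: Packet):
        port = pkt.dst[1]
        if port not in self.reverse or (port, pkt.src) not in self.allowed:
            return None  # filtered: no mapping, or this remote was never contacted
        return Packet(pkt.src, self.reverse[port], pkt.payload)


class Host:
    def __init__(self, addr: Addr, nat: Nat = None):
        self.addr, self.nat, self.inbox = addr, nat, []
        if nat:
            nat.hosts[addr] = self


class Internet:
    """Routes by destination IP to a public host or to a NAT's public side."""

    def __init__(self):
        self.routes, self.dropped = {}, []

    def attach(self, ip: str, target):
        self.routes[ip] = target

    def send(self, host: Host, dst: Addr, payload: str):
        pkt = Packet(host.addr, dst, payload)
        if host.nat:
            pkt = host.nat.outbound(pkt)
        target = self.routes.get(pkt.dst[0])
        if isinstance(target, Nat):
            pkt = target.inbound(pkt)
            target = target.hosts.get(pkt.dst) if pkt else None
        if target is None:
            self.dropped.append(payload)
            return
        target.inbox.append(pkt)


def rendezvous_and_punch():
    net = Internet()
    server = Host(("192.0.2.10", 4000))          # un-NATed rendezvous server
    net.attach(server.addr[0], server)
    nat_a, nat_b = Nat("203.0.113.1"), Nat("198.51.100.1")
    net.attach(nat_a.public_ip, nat_a)
    net.attach(nat_b.public_ip, nat_b)
    a = Host(("10.0.0.2", 5000), nat_a)          # private addresses: not reachable directly
    b = Host(("192.168.1.2", 5000), nat_b)

    # 1. Both peers register; the server sees their translated (public) endpoints.
    net.send(a, server.addr, "REGISTER A")
    net.send(b, server.addr, "REGISTER B")
    public = {p.payload.split()[1]: p.src for p in server.inbox}

    # 2. The server tells each peer the other's public endpoint.  The replies
    #    pass the NATs because each peer contacted the server first.
    for me, other in (("A", "B"), ("B", "A")):
        net.send(server, public[me], f"PEER {public[other][0]} {public[other][1]}")

    def learn(host):
        _, ip, port = host.inbox[-1].payload.split()
        return (ip, int(port))

    b_pub, a_pub = learn(a), learn(b)

    # 3. Concurrent punch: A's first packet is filtered by B's NAT (B has not yet
    #    sent to A) but opens A's NAT; B's packet then passes A's NAT, and A's
    #    retry passes B's NAT.
    net.send(a, b_pub, "PUNCH from A")
    net.send(b, a_pub, "PUNCH from B")
    net.send(a, b_pub, "PUNCH from A (retry)")

    return {
        "a_public": public["A"], "b_public": public["B"],
        "a_got": [p.payload for p in a.inbox if p.src == b_pub],
        "b_got": [p.payload for p in b.inbox if p.src == a_pub],
        "dropped": list(net.dropped),
    }


if __name__ == "__main__":
    for key, value in rendezvous_and_punch().items():
        print(f"{key}: {value}")
```

The simulation shows why the server is indispensable here: neither peer can learn its own public endpoint, let alone the other's, without a third party outside both NATs, and the server itself carries only the small registration and endpoint messages, not the data. The model assumes the friendlier NAT types; a symmetric NAT, which allocates a new public port per destination, defeats the endpoint the server observed, which is one reason hole punching cannot succeed everywhere and a relay fallback remains necessary.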
We're making good progress on hole-punching, but it isn't available yet. Once complete, that should take some pressure/cost off the transit relay machine.
Note that the transit relay only sees ciphertext (for bulk data transfers). Even the mailbox server only sees ciphertext or SPAKE key-exchange messages. No server sees plaintext ever.
Thanks for the clarification. I didn't say the relay server is a bad solution because of transfer security (although it could be an issue), but rather because it is expensive in terms of bandwidth and so is unlikely to exist long-term.