[lotharrr]

We're making good progress on hole-punching, but it isn't available yet. Once complete, that should take some pressure/cost off the transit relay machine.

Note that the transit relay only sees ciphertext (for bulk data transfers). Even the mailbox server only sees ciphertext or SPAKE key-exchange messages. No server sees plaintext ever.

[krageon]

Thanks for the clarification. I didn't say the relay server is a bad solution because of transfer security (although it could be an issue), but rather because it is expensive in terms of bandwidth and so is unlikely to exist long-term.