Re: Vino: proposal for inclusion in GNOME 2.8

On Mon, 2004-07-12 at 20:40 +0100, Mark McLoughlin wrote:

>     Another point worth noting about the SSL support is that (for now) 
>     it uses anonymous diffie hellman key exchange which still leaves you
>     vulnerable to man in the middle attacks. Using the SSL support you 
>     are only making it more difficult for someone to snoop your session.
>     On an untrusted network, I'd recommend using an SSH tunnel rather 
>     than the SSL support in Vino.

This situation seems like an ideal application of user-to-user Kerberos
authentication.  Vino is heavily targeting the enterprise space, where
Kerberos will likely be in use.

This was actually designed for authenticating X connections:

There is also some work on extending GSSAPI to support this (although
you can use the Kerberos API directly of course):

Attachment: signature.asc
Description: This is a digitally signed message part

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]