On Mon, 2004-07-12 at 20:40 +0100, Mark McLoughlin wrote:
> Another point worth noting about the SSL support is that (for now)
> it uses anonymous diffie hellman key exchange which still leaves you
> vulnerable to man in the middle attacks. Using the SSL support you
> are only making it more difficult for someone to snoop your session.
> On an untrusted network, I'd recommend using an SSH tunnel rather
> than the SSL support in Vino.

This situation seems like an ideal application of user-to-user Kerberos authentication. Vino is heavily targeting the enterprise space, where Kerberos will likely be in use.

http://www.cmf.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html#u2uauth

This was actually designed for authenticating X connections:

http://www.cmf.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html#kerbxwin

There is also some work on extending GSSAPI to support this (although you can use the Kerberos API directly of course):

http://www.ietf.org/proceedings/98aug/I-D/draft-ietf-cat-user2user-02.txt