Re: Proposing gobby?
- From: Philipp Kern <phil philkern de>
- To: Gustavo J.A.M.Carneiro <gjc inescporto pt>
- Cc: desktop-devel-list gnome org
- Subject: Re: Proposing gobby?
- Date: Wed, 16 Nov 2005 18:23:28 +0100
On Nov 16, 2005, at 15:53, Gustavo J. A. M. Carneiro wrote:
This happens because the home user doesn't have any feeling for the
limitations of the security of the protocol. Sure, the security
can be
adequate in some cases, but the end user doesn't know which cases, and
just uses it even when not secure.
Well, now you are exaggerating, which is sad. Verification of public
keys was planned, but hey, it's 0.3.0 now. Yes, that's indeed why the
server generates a public key on startup, which is currently only
used for safe password transmission.
It is currently not possible to replay the password, so you cannot
enter a session secured with a password. So the case you stated is
not real. By the way you will notice any join.
What's real however is the fact that the data stream itself is
unencrypted. This is currently because the encryption on the server
side is extensive due to the size of the private key. There is even a
stub for a security preferences tab in Gobby.
Kind regards,
Philipp Kern
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]