Re: Proposing gobby?



On Nov 16, 2005, at 15:53, Gustavo J. A. M. Carneiro wrote:
  This happens because the home user doesn't have any feeling for the
limitations of the security of the protocol. Sure, the security can be
adequate in some cases, but the end user doesn't know which cases, and
just uses it even when not secure.

Well, now you are exaggerating, which is sad. Verification of public keys was planned, but hey, it's 0.3.0 now. Yes, that's indeed why the server generates a public key on startup, which is currently only used for safe password transmission.

It is currently not possible to replay the password, so you cannot enter a session secured with a password. So the case you stated is not real. By the way you will notice any join.

What's real however is the fact that the data stream itself is unencrypted. This is currently because the encryption on the server side is extensive due to the size of the private key. There is even a stub for a security preferences tab in Gobby.

Kind regards,
Philipp Kern



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]