Hi all, I've been asked to look at the security of the spice protocol. I've looked at the project a bit already and have a few potential things to talk about, but I wanted to understand some of the underlying assumptions before I get too far into it.
First, I want to confirm that the protocol itself is not meant to be 'secure' (resistant to active and passive attacks) unless secured by some higher level channel protocol (like SSL). NOTE: this is not unusual, most internet protocols are not secured unless transported through a trusted pipe like SSL. -- It's usually considered better to use an existing security protocol for a transport than to create a brand new secure protocol from scratch. The chances of getting something wrong is pretty high even for security protocol experts. If it is meant to be secure, what types of attacks is it supposed to prevent without a secure channel? Is it, for instance, meant to have strong authentication? There will probably be some more questions depending on the answers to these. I couldn't find any security deployment guide (not surprising at this stage), which would answer these questions. Thanks, bob
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Spice-devel mailing list Spice-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/spice-devel
