Anyhow, I imagine a good strategy
> would be to steal from the best and hijack some OpenSSH/SSLeay code,
> rather
> than writing some new thing that may or may not "really" be secure.
> I think that at least initially, wrapping the existing protocol is the
> way to go, rather than inventing a new encoding.
What about this... Assuming I got it right, using VNC with SSH gives very
good security. The development of SSH is continously going on. One could make
VNC profit of this. So for UNIX it would be sufficient to have some
functionality that makes setting up SSH tunnels transparent to using VNC. I.e. an
option that tells VNC to set up und use the tunnels automatically.
The problem is Windows where one probably has no SSH (especially the daemon)
at hand so easily.
For the Java version there could Mindbright be interesting. They provide an
applet SSH. Up to now only SSH1 is GPL - as far as I know.
Would it be hard to have a solution for the daemon for Windows?
The goal would be to be able to always use the newest development of SSH.
And to make VNC just use it automatically. Because I think SSH should be a
service available to all computing platforms as a standard. On the other hand
incorporating SSH functionaltity into VNC would be something that in fact should
not be the job of a user's application but the OS.
That's what MS says about SSH:
SSH is an excellent method of securing protocols which are known to be
insecure. For example, Telnet and FTP sessions exchange all authentication
information in the clear. SSH can encapsulate these sessions to insure that no clear
text information is visible.
http://www.microsoft.com/TechNet/security/authen.asp
But obviously don't support it... why?
But having SSH client and daemon on Windows would eliminate the need for
separate encryption? Or... am I wrong? I think nobody would telnet today
anymore. So on UNIX that's no question to have SSH on board!
Thomas
--
Sent through GMX FreeMail - http://www.gmx.net
---------------------------------------------------------------------
To unsubscribe, send a message with the line: unsubscribe vnc-list
to [EMAIL PROTECTED]
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------
