Yes, security should be a base level feature of vnc.
Start-TLS is probably the best option to choose. For the compiled
code, openssl provides all of the low level support requried. For
the Java viewer one of the readily available jar files can be used.
The protocol needs to be updated to allow each side to advertize
whether it supports and/or requires encryption and to start
encrypting the session.
The servers and viewers need to be updated to offer options
for requiring an encrypted session and aborting when the
other side lacks support.
The crypted sessions should (optionally) be compressed before
encrypting.
A shorter term solution may be to use a different port via SSL as per
http vs. https.
-JimC
--
James H. Cloos, Jr. <http://jhcloos.com/public_key> 1024D/ED7DAEA6
<[EMAIL PROTECTED]> E9E9 F828 61A4 6EA9 0F2B 63E7 997A 9F17 ED7D AEA6
---------------------------------------------------------------------
To unsubscribe, send a message with the line: unsubscribe vnc-list
to [EMAIL PROTECTED]
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------
