On Nov 16, 2005, at 15:53, Gustavo J. A. M. Carneiro wrote:
> This happens because the home user doesn't have any feeling for the
> limitations of the security of the protocol. Sure, the security can be
> adequate in some cases, but the end user doesn't know which cases, and
> just uses it even when not secure.

Well, now you are exaggerating, which is sad. Verification of public
keys was planned, but hey, it's 0.3.0 now. Yes, that's indeed why the
server generates a public key on startup, which is currently only
used for safe password transmission.

It is currently not possible to replay the password, so you cannot
enter a session secured with a password. So the case you stated is
not real. By the way, you will notice any join.

What's real, however, is the fact that the data stream itself is
unencrypted. This is currently because the encryption on the server
side is extensive due to the size of the private key. There is even a
stub for a security preferences tab in Gobby.

Kind regards,
Philipp Kern