On 02/11/2011 04:47 PM, DRC wrote:

This is certainly not my decision to make...

On 2/11/11 3:22 PM, Robert Goley wrote:

It does have some complications. Most software seems to use a GPL disclaimer/exception when using it. The libssh library is released LGPL though. If it can be used with GNUTLS, that should solve that issue.

Not really, because as mentioned previously, GnuTLS is about 1/3 as fast as OpenSSL. Also, I don't understand the advantage of using libssh/GnuTLS vs. just using GnuTLS like we're already doing. The only advantage I could see to that would be in cases where there is a restrictive firewall and only the SSH port is open. I would get on board with using libssh if and only if:

(1) It replaces GnuTLS as a way to do session encryption, not supplements it.

This could be done easy enough because we would have control of all the authentication methods internally to the code. Single sign on could be done simply if the user and vnc passwords were the same. Ideally, it would use the VENCRYPT user/password authentication to do that.

(2) It offers a fundamentally more user-friendly approach to SSH session encryption (such as providing a single sign-on to both the SSH server and the VNC server.)

My experience so far is that it does. My tests were mainly using the SFTP portion which runs over the SSH channels...

and (3) It performs as well as using the external SSH client.

This is true, it was added because VNC did not support session encryption. I would much prefer a high performance TLS with no need for SSH. The benefit of bouncing off firewalls and other machines is useful occasionally but is not a required function.

Really, I see the -via option as a convenience feature, nothing more. It's a way for Unix users to avoid typing the SSH forwarding command line by hand. It's not part of a comprehensive session encryption function.
_______________________________________________
Tigervnc-devel mailing list
Tigervnc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tigervnc-devel

--
Robert Goley
FOSS Implementation Specialist
Toll Free: (800) 338-4984
Local: (770) 479-7933
Fax: (770) 479-4076
www.openrda.com
America's only Free & Open Source fund accounting software company.