I believe that depends on your authentication method. It is my
understanding that Windows authentication uses its own encryption, so
the session encryption would be a different encryption. With VNC's
encryption, I can't see any reason to establish a new encrypted channel,
so I would assume it to use the same one. 

-----Original Message-----
From: Singh, Harjit (Mission Systems) [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, March 30, 2005 12:17
To: Erik Soderquist; James Weatherall; [email protected]
Subject: RE: Question

Erik,
Assuming encryption is used, is the step 3 encryption link the same as
the step 5 encryption, or is the encryption link negotiated again for
step 5?
 
Harjit Singh

        -----Original Message----- 
        From: Erik Soderquist [mailto:[EMAIL PROTECTED] 
        Sent: Wed 3/30/2005 10:37 AM 
        To: James Weatherall; Singh, Harjit (Mission Systems);
        [email protected] 
        Cc: 
        Subject: RE: Question
        
        

        I think this is the idea that is being sought:
        
        step 1.) tcp connection established
        step 2.) authentication method selected/negotiated
        step 3.) encrypted channel opened
        step 4.) authentication occurs
        step 5.) session proceeds (with or without encryption, depending
        on settings)
        
        -----Original Message-----
        From: [EMAIL PROTECTED]
        [mailto:[EMAIL PROTECTED] On Behalf Of James Weatherall
        Sent: Wednesday, March 30, 2005 09:59
        To: 'Singh, Harjit (Mission Systems)'; [email protected]
        Subject: RE: Question
        
        Harjit,
        
        The NT Logon Authentication (Windows Authentication) method should
        work with any native Windows user authentication mechanism, e.g. NT
        Domains, Active Directory, LDAP, etc.
        
        Regards,
        
        Wez @ RealVNC Ltd.
        
        
        > -----Original Message-----
        > From: [EMAIL PROTECTED]
        > [mailto:[EMAIL PROTECTED] On Behalf Of Singh,
        > Harjit (Mission Systems)
        > Sent: 29 March 2005 18:22
        > To: James Weatherall; [email protected]
        > Subject: RE: Question
        >
        > James,
        > 
        > Correct me if I am wrong.  I am assuming first an encrypted
        > session is set up using asymmetric keys followed by server
        > authentication and Windows authentication.  Once all the
        > authentications are performed, it results in secured data
        > across the link. 
        > 
        > The server authentication for the Enterprise version of RealVNC
        > uses 2048 RSA for the server along with 128 bit encryption for
        > the link.  In addition, Windows authentication is performed for
        > a user to validate the user.
        > 
        > 1.  Could you use the Sun Microsystems LDAP one for Windows user
        > authentication or not?
        > 
        >                             Thanks..
        > 
        > Harjit
        >
        >       -----Original Message-----
        >       From: James Weatherall [mailto:[EMAIL PROTECTED]
        >       Sent: Tue 3/29/2005 11:47 AM
        >       To: Singh, Harjit (Mission Systems);
        >       [email protected]
        >       Cc:
        >       Subject: RE: Question
        >      
        >      
        >
        >       Harjit,
        >
        >       The public/private key exchange *is* the server
        >       authentication stage, and is used as the bootstrap for the
        >       secure encrypted session.
        >
        >       Please refer to my previous replies to your mailing list
        >       messages regarding the difference between server
        >       authentication, and Windows Authentication.
        >
        >       Yes, you can safely assume that this is all done securely.
        >
        >       Regards,
        >
        >       Wez @ RealVNC Ltd.
        >        
        >
        >       > -----Original Message-----
        >       > From: Singh, Harjit (Mission Systems)
        >       > [mailto:[EMAIL PROTECTED]
        >       > Sent: 29 March 2005 17:07
        >       > To: James Weatherall; [email protected]
        >       > Subject: RE: Question
        >       >
        >       > James,
        >       > In the email you sent, when does the process of server
        >       > authentication take place?  If server authentication takes
        >       > place first, is that process encrypted?  I am assuming that
        >       > the private/public key mechanism takes place in the first
        >       > place, before even server authentication takes place. 
        >       > 
        >       > How is server authentication different from Windows
        >       > authentication?  Could I safely assume that both server
        >       > authentication and Windows authentication are performed
        >       > securely?
        >       > 
        >       > Will the encrypted link set up in the beginning be the same
        >       > for data communication between viewer and server?
        >       > 
        >       > Regards,
        >       > Harjit Singh
        >       > 
        >       > 
        >       >
        >       >       -----Original Message-----
        >       >       From: James Weatherall [mailto:[EMAIL PROTECTED]
        >       >       Sent: Tue 3/29/2005 10:52 AM
        >       >       To: Singh, Harjit (Mission Systems);
        >       >       [email protected]
        >       >       Cc:
        >       >       Subject: RE: Question
        >       >      
        >       >      
        >       >
        >       >       Harjit,
        >       >      
        >       >       VNC Enterprise Edition's user authentication phase is
        >       >       secure because it takes place only after a secure
        >       >       (encrypted, tamper-proof, etc) connection has been
        >       >       established between viewer and server.  If session
        >       >       encryption is not required then it is disabled
        >       >       immediately that the authentication phase has completed.
        >       >      
        >       >       The older VNC Password authentication scheme is secure
        >       >       simply because it uses a challenge-response protocol to
        >       >       verify the user's password, rather than having to pass
        >       >       it from viewer to server.
        >       >      
        >       >       Regards,
        >       >      
        >       >       Wez @ RealVNC Ltd.
        >       >      
        >       >      
        >       >       > -----Original Message-----
        >       >       > From: [EMAIL PROTECTED]
        >       >       > [mailto:[EMAIL PROTECTED] On Behalf Of Singh,
        >       >       > Harjit (Mission Systems)
        >       >       > Sent: 29 March 2005 15:40
        >       >       > To: [email protected]
        >       >       > Subject: Question
        >       >       >
        >       >       > I am new to RealVNC and performing a search on it,
        >       >       > particularly with respect to security issues. I will
        >       >       > appreciate it if someone could explain the process of
        >       >       > communication sequentially between RealVNC viewer and
        >       >       > RealVNC server.  The explanation should start from the
        >       >       > beginning, when the VNC viewer wants to communicate
        >       >       > with the server, and cover all the issues with respect
        >       >       > to authentication and encryption.  I figured from
        >       >       > previous emails that authentication is secure but
        >       >       > would like to know what makes it secure.
        >       >       >
        >       >       > I will appreciate it if someone could provide their
        >       >       > telephone number to contact, if possible.
        >       >       >
        >       >       > _______________________________________________
        >       >       > VNC-List mailing list
        >       >       > [email protected]
        >       >       > To remove yourself from the list visit:
        >       >       > http://www.realvnc.com/mailman/listinfo/vnc-list
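The challenge-response property described in the thread (the password is verified without being passed from viewer to server), as an added example that is not part of the original messages and is not RealVNC code. It substitutes HMAC-SHA256 for the cipher used by the VNC Password scheme; the `Server` class, `viewer_response` and the sample password are hypothetical names and constructed values.

```python
import hashlib
import hmac
import secrets

CHALLENGE_LEN = 16  # assumption: 16 random bytes per login attempt


class Server:
    """Holds the shared password and issues single-use challenges."""

    def __init__(self, password: bytes):
        self._password = password
        self._pending = None

    def new_challenge(self) -> bytes:
        self._pending = secrets.token_bytes(CHALLENGE_LEN)
        return self._pending

    def verify(self, response: bytes) -> bool:
        if self._pending is None:
            return False
        # Consume the challenge so it can never be answered twice.
        challenge, self._pending = self._pending, None
        expected = hmac.new(self._password, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def viewer_response(password: bytes, challenge: bytes) -> bytes:
    # The viewer proves knowledge of the password by keying a MAC with it.
    return hmac.new(password, challenge, hashlib.sha256).digest()


def run_demo():
    password = b"constructed-sample-password"  # constructed sample value
    server = Server(password)
    wire = []  # every message a passive observer on the link would see

    c1 = server.new_challenge()
    r1 = viewer_response(password, c1)
    wire += [c1, r1]
    first_ok = server.verify(r1)

    c2 = server.new_challenge()
    wire.append(c2)
    replay_ok = server.verify(r1)  # recorded response, fresh challenge

    c3 = server.new_challenge()
    wrong_ok = server.verify(viewer_response(b"wrong-guess", c3))

    leaked = any(password in msg for msg in wire)
    return first_ok, replay_ok, wrong_ok, leaked
```

`run_demo()` returns, in order, whether the genuine login succeeded, whether a replayed response was accepted, whether a wrong password was accepted, and whether the password appeared in any message on the wire.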