incidentally, why the need for such detail on this?
-----Original Message-----
From: Singh, Harjit (Mission Systems) [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 30, 2005 12:29
To: Erik Soderquist; James Weatherall; [email protected]
Subject: RE: Question
Erik,
Thanks..
Harjit
-----Original Message-----
From: Erik Soderquist [mailto:[EMAIL PROTECTED]
Sent: Wed 3/30/2005 12:24 PM
To: Singh, Harjit (Mission Systems); James Weatherall;
[email protected]
Cc:
Subject: RE: Question
I believe that depends on your authentication method. it is my
understanding that windows authentication uses it's own
encryption, so
the session encryption would be a different encryption. with
vnc's
encryption, I can't see any reason to establish a new encrypted
channel,
so I would assume it to use the same one.
-----Original Message-----
From: Singh, Harjit (Mission Systems)
[mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 30, 2005 12:17
To: Erik Soderquist; James Weatherall; [email protected]
Subject: RE: Question
Eric,
Assuming encryption is used, is step three encryption link the
same as
in step 5 encryption or the encryption link is negotiated again
for step
5.
Harjit Singh
-----Original Message-----
From: Erik Soderquist [mailto:[EMAIL PROTECTED]
Sent: Wed 3/30/2005 10:37 AM
To: James Weatherall; Singh, Harjit (Mission Systems);
[email protected]
Cc:
Subject: RE: Question
I think this is the idea that is being sought:
step 1.) tcp connection established
step 2.) authentication method selected/negotiated
step 3.) encrypted channel opened
step 4.) authentication occurs
step 5.) session proceeds (with or without encryption,
depending
on
settings)
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of James Weatherall
Sent: Wednesday, March 30, 2005 09:59
To: 'Singh, Harjit (Mission Systems)';
[email protected]
Subject: RE: Question
Harjit,
The NT Logon Authentication (Windows Authentication)
method
should work
with
any native Windows user authentication mechanism, e.g.
NT
Domains,
Active
Directory, LDAP, etc.
Regards,
Wez @ RealVNC Ltd.
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
Singh,
> Harjit (Mission Systems)
> Sent: 29 March 2005 18:22
> To: James Weatherall; [email protected]
> Subject: RE: Question
>
> James,
>
> Correct me if I am wrong. I am assuming first an
encrypted
> session is setup using assymetric keys followed by
server
> authentication and windows authentication. Once all
the
> authentications are performed, it results in secured
data
> across the link.
>
> The server authentication for enterprise version of
RealVNC
> uses 2048 RSA for server along with 128 bit encryption
for
> link. In addition windows authentication is performed
for a
> user to validate user.
>
> 1. Could you use Sunmicrosystem LDAP one for windows
user
> authentication or not ?
>
> Thanks..
>
> Harjit
>
> -----Original Message-----
> From: James Weatherall [mailto:[EMAIL PROTECTED]
> Sent: Tue 3/29/2005 11:47 AM
> To: Singh, Harjit (Mission Systems);
[email protected]
> Cc:
> Subject: RE: Question
>
>
>
> Harjit,
>
> The public/private key exchange *is* the server
> authentication stage, and is
> used as the bootstrap for the secure encrypted
session.
>
> Please refer to my previous replies to your
mailing
> list messages regarding
> the difference between server authentication,
and
> Windows Authentication.
>
> Yes, you can safely assume that this is all done
securely.
>
> Regards,
>
> Wez @ RealVNC Ltd.
>
>
> > -----Original Message-----
> > From: Singh, Harjit (Mission Systems)
> [mailto:[EMAIL PROTECTED]
> > Sent: 29 March 2005 17:07
> > To: James Weatherall; [email protected]
> > Subject: RE: Question
> >
> > James,
> > In the email you sent, when does the process
of server
> > authentication take place. If server
authentication
takes
> > place first, is that process encrypted? I am
assuming
that
> > private/public key mechanism takes place in
first
place
> > before even server authentication takes place.
> >
> > How is server authentication different than
windows
> > authentication. Could I assume safely that
both
server
> > authentication and windows authentication are
> performed securely?
> >
> > Is the encrypted link setup in beginning will
be the
same for
> > data communication between viewer and server?
> >
> > Regards,
> > Harjit Singh
> >
> >
> >
> > -----Original Message-----
> > From: James Weatherall
[mailto:[EMAIL PROTECTED]
> > Sent: Tue 3/29/2005 10:52 AM
> > To: Singh, Harjit (Mission Systems);
> [email protected]
> > Cc:
> > Subject: RE: Question
> >
> >
> >
> > Harjit,
> >
> > VNC Enterprise Edition's user
authentication
phase is
> > secure because it
> > takes place only after a secure
(encrypted,
> > tamper-proof, etc) connection
> > has been established between viewer and
server.
If
> > session encryption is
> > not required then it is disabled
immediately
that the
> > authentication phase
> > has completed.
> >
> > The older VNC Password authentication
scheme is
secure
> > simply because it
> > uses a challenge-response protocol to
verify the
user's
> > password, rather
> > than having to pass it from viewer to
server.
> >
> > Regards,
> >
> > Wez @ RealVNC Ltd.
> >
> >
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED] On
Behalf
> Of Singh,
> > > Harjit (Mission Systems)
> > > Sent: 29 March 2005 15:40
> > > To: [email protected]
> > > Subject: Question
> > >
> > > I am new to RealVNC and performing
search on
> it particularly
> > > with respect to security issues. I
will
> appreciate if someone
> > > could explain the process of
communication
> sequentially
> > > between RealVNC viewer and RealVNC
server.
> The expalnation
> > > should start from beginning when VNC
viewer
want to
> > > communicate to server and cover all
the
> issues with respect
> > > to authentication and encryption. I
figured
> from previous
> > > emails that authentication is secure
but
> would like to know
> > > what makes it secure.
> > >
> > > I will appreciate if someone could
provide
> their telephone
> > > number to contact with if possible.
> > >
_______________________________________________
> > > VNC-List mailing list
> > > [email protected]
> > > To remove yourself from the list
visit:
> > >
http://www.realvnc.com/mailman/listinfo/vnc-list
> _______________________________________________
> VNC-List mailing list
> [email protected]
> To remove yourself from the list visit:
> http://www.realvnc.com/mailman/listinfo/vnc-list
_______________________________________________
VNC-List mailing list
[email protected]
To remove yourself from the list visit:
http://www.realvnc.com/mailman/listinfo/vnc-list
_______________________________________________
VNC-List mailing list
[email protected]
To remove yourself from the list visit:
http://www.realvnc.com/mailman/listinfo/vnc-list
