On 18-6-2010 19:58, John Kaufmann wrote: > In a message dated 2010.06.18 04:16 -0500, Corne Beerse wrote: > >> For what its worth, I'd never trust application-based encryption. If >> I need encryption, I use a tunnel like VPN or SSH as they are build >> for that purpose. Then run the vnc-communication trough that tunnel. > > CBee, after years of reading your posts I respect your judgment, but > this is not clear to me: Why is application-based encryption inferior? > > John That is my general idea: If I choose an application, I do it for the functionality. If I want security, I like to make a reasonable choice. In the past I have seen several implementations of a communication protocol that have added their own security. These appeared to be inferior after a while but I could not update or change as I still needed the tool itself.
With tunneling over an ssh connection or over a vpn tunnel, the security can be updated and altered without changing the communication tools. On the other side, there are good examples of 'combined' security. And of course there is also the ease of use and ease of administration that comes to mind. In fact, ssh is the secure variant of rsh/telnet and such, effectively a combination. However, here I see it as reverse: the security is the base of ssh, the shell-connection is here the added protocol and it shows: the remote shell part of ssh works but there are better tools. And other protocols can use the same tunnel. My 2 cents Corné _______________________________________________ VNC-List mailing list [email protected] To remove yourself from the list visit: http://www.realvnc.com/mailman/listinfo/vnc-list
