>Anyhow, I imagine a good strategy
>> would be to steal from the best and hijack some OpenSSH/SSLeay code,
>> rather
>> than writing some new thing that may or may not "really" be secure.
>> I think that at least initially, wrapping the existing protocol is the
>> way to go, rather than inventing a new encoding.
>
>What about this... Assuming I got it right, using VNC with SSH gives very
>good security. The development of SSH is continously going on. One could make
>VNC profit of this. So for UNIX it would be sufficient to have some
>functionality that makes setting up SSH tunnels transparent to using VNC.
>I.e. an
>option that tells VNC to set up und use the tunnels automatically.
>
>The problem is Windows where one probably has no SSH (especially the daemon)
>at hand so easily.
Or Macintosh, for that matter. MacOS X is a better bet, being a BSD-based
system, but nobody can be sure until mid-March when it's actually released.
In fact, I'm not sure whether the current Mac Server works at all when an
SSH tunnel ends on the same machine as the Server is running (it does,
however, work if there's another machine to terminate the tunnel with).
My 2p on the matter is that if/when someone precisely defines an
encryption/authentication method which can easily be incorporated into
existing VNC clients/servers, including those without SSH daemons already
present on the system, *and* when it can be shown to avoid susceptibility
to all the (electronic) attacks against RFB 3.3 known to date, it *will* be
added to the Mac Server as long as I have anything to do with it. If
OpenSSH / SSLeay libraries are already available in Mac-compatible formats,
that makes my life so much easier.
--------------------------------------------------------------
from: Jonathan "Chromatix" Morton
mail: [EMAIL PROTECTED] (not for attachments)
big-mail: [EMAIL PROTECTED]
uni-mail: [EMAIL PROTECTED]
The key to knowledge is not to rely on people to teach you it.
Get VNC Server for Macintosh from http://www.chromatix.uklinux.net/vnc/
-----BEGIN GEEK CODE BLOCK-----
Version 3.12
GCS$/E/S dpu(!) s:- a20 C+++ UL++ P L+++ E W+ N- o? K? w--- O-- M++$ V? PS
PE- Y+ PGP++ t- 5- X- R !tv b++ DI+++ D G e+ h+ r- y+
-----END GEEK CODE BLOCK-----
---------------------------------------------------------------------
To unsubscribe, send a message with the line: unsubscribe vnc-list
to [EMAIL PROTECTED]
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------
