Has anyone looked into what it would take to make X sessions encrypted? It seems such an important bit of functionality that someone must have already looked into it and decided it wasn't worth it.
I realize ssh can encrypt X traffic, but that isn't much help for a typical enduser with an X terminal, for example. Are there send's and recv's scattered through the X code, or does all the network traffic funnel through a common point? Would it be best to have an xhost option that says: 1) encryption preferred, but silently fall back on unencrypted 2) encryption required 3) unencrypted only ...probably both for all sessions (the default for new sessions), and for individual host communications as well? Would this mean a modification to the X server and Xlib? Could it be done transparently to X applications (other than xhost)? Would a server extention be the best way to make the feature available as an option? Would AES be the right encryption algorithm? If yes, are there any suitably-licensed implementations of AES available already? Would Diffie-Helman be reasonable for the key exchange, or would a lot of security folks turn up their noses at anything but RSA? I'd personally prefer Diffie-Helman, to avoid key management in the filesystem, instead staying in VM - plus it'd mean there's nothing to steal that'd stay useful for very long. Or would it make more sense to act a bit like xauth, for ease of implementation? Are there legal ramifications to the free distribution of XFree86 if this kind of encryption is encorporated into it? -- Dan Stromberg UCI/NACS/DCS _______________________________________________ Xpert mailing list [EMAIL PROTECTED] http://XFree86.Org/mailman/listinfo/xpert
