Dan Stromberg <[EMAIL PROTECTED]> writes:
> I realize ssh can encrypt X traffic, but that isn't much help for a
> typical enduser with an X terminal, for example.
Nothing you do would be much help to them (present X terminal users),
either, I guess :-)
> Would this mean a modification to the X server and Xlib?
Yes, both, obviously.
> Could it be done transparently to X applications (other than xhost)?
If ssh can do it, why shouldn't you?
> Would a server extention be the best way to make the feature
> available as an option?
I would compare it to the low bandwidth extension lbx, which is about
compression, not encryption, but very similar in concept. lbx uses a
proxy on the client side, though there have been rumors of integration
it into Xlib for ages.
> Would AES be the right encryption algorithm? If yes, are there any
> suitably-licensed implementations of AES available already?
I am not a crypto expert, but this is certainly a serious problem. You
have real time constraints, timing may be important for security. Then
again you have to guard against faked identification, sniffing and man
in the middle attacks...
Actually ssh could be a nice starting point :-)
> Or would it make more sense to act a bit like xauth, for ease of
> implementation?
You have to deal with xauth, or where shall the initial authentication
come from?
> Are there legal ramifications to the free distribution of XFree86 if
> this kind of encryption is encorporated into it?
Yes, very much so, so it probably wont go into the tree. You have to
distribute it separately.
So what again is the problem with ssh?
Thomas <[EMAIL PROTECTED]>
_______________________________________________
Xpert mailing list
[EMAIL PROTECTED]
http://XFree86.Org/mailman/listinfo/xpert
