> Are there send's and recv's scattered through the X code, or does all
> the network traffic funnel through a common point?
X has a nice abstraction of the transport layer (xc/lib/xtrans) that most
of the network handling goes through - this is where you'ld primarily have
to change, although some changes to connection setup would probably be
required in libX11 and xc/programs/Xserver/os/
> Would it be best to have an xhost option that says:
>
> 1) encryption preferred, but silently fall back on unencrypted
> 2) encryption required
> 3) unencrypted only
>
> ...probably both for all sessions (the default for new sessions), and
> for individual host communications as well?
>
> Would this mean a modification to the X server and Xlib?
Yes, changes to host authentication methods need to be done in both places.
> Could it be done transparently to X applications (other than xhost)?
Probably (except for special cases like xscope and proxies like lbxproxy/xfwp).
> Would a server extention be the best way to make the feature available
> as an option?
An extension would mean making the connection/handshake unencrypted and
then negotiating up to encryption if available. I think you'ld end up
at least sending the auth cookie across unencrypted, but probably not
much else senstive.
On the other hand, making X work over IPsec would probably be much simpler
and keep the hassles of encryption code export out of X.
--
-Alan Coopersmith- [EMAIL PROTECTED]
Sun Microsystems, Inc. - Software Systems Group
Cust. Advocacy & Tech Services: X11 Engineering
_______________________________________________
Xpert mailing list
[EMAIL PROTECTED]
http://XFree86.Org/mailman/listinfo/xpert
