I suspect what he meant to say is, if using Windows Authentication, as you say, that occurs before an encrypted link is set up, what are the vulnerabilities.
James B. White C.S.H. Consultants Pty Ltd Phone....:+61(0)3 97151033 Fax......:+61(0)3 97151400 Mobile...:+61(0)418 558 184 -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of James Weatherall Sent: Tuesday, 29 March 2005 02:00 To: 'Singh, Harjit (Mission Systems)'; vnc-list@realvnc.com Subject: RE: Real VNC question Harjit, VNC Enterprise & Personal Editions use asymmetric cryptography for server authentication. Whether or not a server will accept a connection depends upon whether QueryConnect is set, whether the connection originates from a host allowed by the Hosts setting, whether the viewer can support the server's allowed security methods, and whether the user can supply the required credentials (usually username & password). I don't know what you mean by "will the Windows authentication take place across the encrypted session". Obviously the user authentication stage of the VNC session will never be sent in the clear, regardless of whether the session is to be encrypted. Is that what you mean? Regards, Wez @ RealVNC Ltd. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Singh, Harjit (Mission Systems) Sent: 28 March 2005 16:20 To: vnc-list@realvnc.com Subject: Real VNC question It seems that first step is to authenticate the server followed by Windows authentication. I have following questions: 1. Is it true that public key cryptography methodology is used for server authentication? 2. What factor will determine a server to communicate to any arbitrary client communicating to it? 3. Will the windows authentication take place across the encrypted session ? Regards, Harjit Singh _______________________________________________ VNC-List mailing list VNC-List@realvnc.com To remove yourself from the list visit: http://www.realvnc.com/mailman/listinfo/vnc-list _______________________________________________ VNC-List mailing list VNC-List@realvnc.com To remove yourself from the list visit: http://www.realvnc.com/mailman/listinfo/vnc-list _______________________________________________ VNC-List mailing list VNC-List@realvnc.com To remove yourself from the list visit: http://www.realvnc.com/mailman/listinfo/vnc-list
