Hi there,
I'm working on a revision to the RFB protocol for authentication and a few
other things. I'd like to see all the other encodings documented, including
the Tridia ones. If you have information on these other encodings or
corrections to the current ones, and would like to see them fully
documented, please contact me with details so they can be included.
Things I am adding:
* Two new RFB authentication mechanisms
  - an uprated version of the current #2 mechanism that doesn't involve
    reversible passwords at either end
  - an opaque blob authenticator; this will allow OpenSSL/NTLM/Kerberos
    implementors to use a standard RFB interchange without revision of the
    protocol.
* New login interchange that reduces the information available to
unauthenticated users as well as reducing the inbound load on servers until
after the server has authenticated the client
* optional Below-RFB stream compression indicator (gzip, bzip2)
* optional Lightweight stream encryption support (blowfish, aes, etc)
* Ability for clients and servers to tell each other about their
capabilities
* Add a sound channel to the protocol
All of these do not mean that clients and servers need to implement these
features; I just want to make space. In particular, the old Unix
implementations that forced the getpass() 8 character restriction will still
be able to be insecure. The other platforms will be more secure.
Once I've finished the first draft, I'll be making it generally available at
http://www.evilsecurity.com/vnc/
for public comment, derision, etc. This page is currently blank. It will
have to wait until I get back to Australia to upload the document.
Once these lists are happy with the revised features, I'd like to pass the
authentication and encryption proposals to secprog@securityfocus and ask a
few experts for their peer review. We are going to get authentication and
encryption right this time.
Andrew