From: Fabrice Bellard <fabrice@bellard.org>
To: qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] QEMU: VNC
Date: Mon, 19 Feb 2007 23:52:54 +0100 [thread overview]
Message-ID: <45DA2A46.1080105@bellard.org> (raw)
In-Reply-To: <20070219190929.GT31525@redhat.com>
Daniel P. Berrange wrote:
> On Mon, Feb 19, 2007 at 12:41:53PM -0500, Christopher Olsen wrote:
>> On Monday 19 February 2007 12:30, Daniel P. Berrange wrote:
>>> On Mon, Feb 19, 2007 at 03:11:15AM +0100, Johannes Schindelin wrote:
>>>> Hi,
>>>>
>>>> On Sun, 18 Feb 2007, Anthony Liguori wrote:
>>>>> Christopher Olsen wrote:
>>>>>> Sorry I'll attempt to use the preferred patching method in the
>>>>>> future..
>>>>>>
>>>>>> Secure vnc auth method the default built in method from
>>>>> We can't take a password from a command line. Supporting VNC auth is
>>>>> super easy otherwise. I really think we need to have a config file
>>>>> before we can do VNC passwords.
>>>> No, you should not do VNC passwords. The default VNC password exchange is
>>>> insecure and you should not lure users into believing in that false
>>>> security.
>>> Sure it is insecure over an unencrypted network channel, but if you are
>>> tunnelling the VNC connection over SSH, or have restricted it to only
>>> bind to 127.0.0.1 then AFAIK it is just fine. So supporting VNC password
>>> auth would allow users on a shared machine to secure the console from
>>> other unprivileged users on the same box. Definitely useful over the
>>> current situation where there's no way to secure even the local-only
>>> case. For a serious general purpose authentication I'd like to see the
>>> TLS protocol extension for VNC (as implemented in VeNCrypt) supported
>>> allowing both secure auth & wire encryption.
>>>
>>> Dan.
>> I've Checked out the VeNCrypt.. Looks a little win32 oriented...
>
> Guess you missed the 'unix' directory - I have compiled both server & client
> of VeNCrypt on Linux no trouble.
>
>> I'm gathering the problem here is that VNC is spinning off in many
>> directions... So any implementation on the QEMU side will of course marry it
>> to a particular VNC branch or I had an alternative idea..
>
> I think the crux of the matter is that RealVNC sell a commercial version
> of VNC which offers real encryption. So I'm guessing that's why they've
> never merged any of the patches to do TLS encryption in the open source
> codebase. All the patches for VNC + TLS i've seen posted are iterations
> of each other - VeNCrypt is the most complete implenentation of any of
> them, so the one I'd go for out of the all the choices.
On the technical side, adding OpenSSL support in the current VNC
implementation is QEMU seems easy (OpenSSL has a non blocking API which
can be used with the current callback API).
Fabrice.
next prev parent reply other threads:[~2007-02-19 22:52 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-02-16 19:02 [Qemu-devel] QEMU: VNC Christopher Olsen
2007-02-16 20:57 ` Anthony Liguori
2007-02-18 20:36 ` Christopher Olsen
2007-02-18 23:08 ` Anthony Liguori
2007-02-18 23:53 ` Christopher Olsen
2007-02-19 0:14 ` Johannes Schindelin
2007-02-19 0:30 ` Christopher Olsen
2007-02-19 0:41 ` Johannes Schindelin
2007-02-19 2:01 ` Anthony Liguori
2007-02-19 2:11 ` Johannes Schindelin
2007-02-19 2:48 ` Anthony Liguori
2007-02-19 12:19 ` Christopher Olsen
2007-02-19 14:53 ` Johannes Schindelin
2007-02-19 17:16 ` Christopher Olsen
2007-02-19 17:30 ` Daniel P. Berrange
2007-02-19 17:41 ` Christopher Olsen
2007-02-19 19:09 ` Daniel P. Berrange
2007-02-19 19:29 ` Christopher Olsen
2007-02-19 22:52 ` Fabrice Bellard [this message]
2007-02-19 23:37 ` Christopher Olsen
2007-02-20 0:36 ` Daniel P. Berrange
2007-02-20 0:45 ` Anthony Liguori
2007-02-20 0:53 ` Christopher Olsen
2007-02-20 1:05 ` Daniel P. Berrange
2007-02-20 1:11 ` Johannes Schindelin
2007-02-20 1:18 ` Christopher Olsen
2007-02-20 19:46 ` Joe Batt
2007-02-20 1:15 ` [Qemu-devel] FreeBSD Support Christopher Olsen
2007-02-20 1:46 ` Paul Brook
2007-02-20 2:10 ` Christopher Olsen
2007-02-20 2:41 ` Paul Brook
2007-02-20 3:26 ` Christopher Olsen
2007-02-24 19:08 ` Juergen Lock
2007-02-24 20:54 ` Leonardo Reiter
2007-02-26 0:12 ` andrzej zaborowski
2007-03-03 22:12 ` Thiemo Seufer
2007-03-05 7:38 ` andrzej zaborowski
2007-02-19 23:58 ` [Qemu-devel] QEMU: VNC Johannes Schindelin
2007-02-19 0:11 ` Johannes Schindelin
2007-02-19 0:25 ` Christopher Olsen
-- strict thread matches above, loose matches on Subject: below --
2007-02-22 5:19 Luke-Jr
2007-02-22 16:22 ` Johannes Schindelin
2007-02-22 16:35 ` Anthony Liguori
2007-02-22 16:39 ` Christopher Olsen
2007-02-22 17:18 ` Johannes Schindelin
2007-02-22 17:29 ` Anthony Liguori
2007-02-22 17:35 ` Johannes Schindelin
2007-02-22 17:55 ` Leonardo Reiter
[not found] ` <200702221044.48581.luke@dashjr.org>
2007-02-22 17:27 ` Anthony Liguori
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=45DA2A46.1080105@bellard.org \
--to=fabrice@bellard.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).