From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1HKI9o-0005sw-UW for qemu-devel@nongnu.org; Thu, 22 Feb 2007 12:55:04 -0500 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1HKI9m-0005mH-MS for qemu-devel@nongnu.org; Thu, 22 Feb 2007 12:55:04 -0500 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1HKI9m-0005ln-4V for qemu-devel@nongnu.org; Thu, 22 Feb 2007 12:55:02 -0500 Received: from nz-out-0506.google.com ([64.233.162.227]) by monty-python.gnu.org with esmtp (Exim 4.52) id 1HKI9l-0001HT-M7 for qemu-devel@nongnu.org; Thu, 22 Feb 2007 12:55:01 -0500 Received: by nz-out-0506.google.com with SMTP id i11so378432nzi for ; Thu, 22 Feb 2007 09:55:00 -0800 (PST) Message-ID: <779506c70702220955u7c5218cj74269b66f43e16be@mail.gmail.com> Date: Thu, 22 Feb 2007 12:55:00 -0500 From: "Leonardo Reiter" Subject: Re: [Qemu-devel] QEMU: VNC In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <200702220519.10448.luke-jr@utopios.org> <45DDC65A.2030001@codemonkey.ws> <45DDD2F1.7070405@codemonkey.ws> Reply-To: qemu-devel@nongnu.org List-Id: qemu-devel.nongnu.org List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: qemu-devel@nongnu.org If I may say something here... the original question was how to append the VNC header, so that the VNC client-compatible RFB auth could be supported. We all know this is not "secure", but it's a common feature of VNC and supporting it is not a bad thing IMHO. Adding it to QEMU is no less secure than using a regular Xvnc server with rfb auth enabled. You can always tunnel this via ssh to make it secure, or use it over a VPN. I doubt any serious user really considers it unbreakable security, when it is really just advertised as authentication, which is not the same thing. Generally speaking, if you are going to act like a VNC server (which QEMU now does), why not support the type of authentication that the regular VNC clients support? I think discrediting someone's attempt to post a patch to support this by turning it into a security analysis among other things is probably a good way to scare people away from contributing to this open source project we all love. I don't see an RFB auth patch and support for some strong type of encryption as a separate patch as mutually exclusive. Regards, Leo Reiter On 2/22/07, Johannes Schindelin wrote: > Hi, > > On Thu, 22 Feb 2007, Anthony Liguori wrote: > > > Johannes Schindelin wrote: > > > > > > This invariably leads to user confusion. ("But I _did_ use encryption? > > > What do you mean, it is not encrypted, and the handshake is weak?") > > > > > > > I understand. The solution is education. The documentation for vnc > > auth support should make it very clear that it's plain-text equivalent. > > Blessed are you when your users read documentation... > > Ciao, > Dscho > > > > _______________________________________________ > Qemu-devel mailing list > Qemu-devel@nongnu.org > http://lists.nongnu.org/mailman/listinfo/qemu-devel >