Re: Proposing gobby?

From: Philipp Kern <phil philkern de>
To: Gustavo J.A.M.Carneiro <gjc inescporto pt>
Cc: desktop-devel-list gnome org
Subject: Re: Proposing gobby?
Date: Wed, 16 Nov 2005 18:23:28 +0100

On Nov 16, 2005, at 15:53, Gustavo J. A. M. Carneiro wrote:

  This happens because the home user doesn't have any feeling for the

limitations of the security of the protocol. Sure, the securitycan be

adequate in some cases, but the end user doesn't know which cases, and
just uses it even when not secure.

Well, now you are exaggerating, which is sad. Verification of publickeys was planned, but hey, it's 0.3.0 now. Yes, that's indeed why theserver generates a public key on startup, which is currently onlyused for safe password transmission.

It is currently not possible to replay the password, so you cannotenter a session secured with a password. So the case you stated isnot real. By the way you will notice any join.

What's real however is the fact that the data stream itself isunencrypted. This is currently because the encryption on the serverside is extensive due to the size of the private key. There is even astub for a security preferences tab in Gobby.


Kind regards,
Philipp Kern

Follow-Ups:
- Re: Proposing gobby?
  - From: Gustavo J. A. M. Carneiro

References:
- Proposing gobby?
  - From: Chris Ball
- Re: Proposing gobby?
  - From: Corey Burger
- Re: Proposing gobby?
  - From: Gustavo J. A. M. Carneiro
- Re: Proposing gobby?
  - From: Ross Burton
- Re: Proposing gobby?
  - From: Jono Bacon
- Re: Proposing gobby?
  - From: Eric Larson
- Re: Proposing gobby?
  - From: Gustavo J. A. M. Carneiro

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]