Question

Singh, Harjit (Mission Systems) Harjit.Singh "at" ngc.com
Wed Mar 30 18:32:01 2005


Erik, 
Thanks..
 
Harjit 

	-----Original Message----- 
	From: Erik Soderquist [mailto:esoderquist "at" mcstamp.com] 
	Sent: Wed 3/30/2005 12:24 PM 
	To: Singh, Harjit (Mission Systems); James Weatherall; vnc-list "at" realvnc.com 
	Cc: 
	Subject: RE: Question
	
	

	I believe that depends on your authentication method. It is my
	understanding that Windows authentication uses its own encryption, so
	the session encryption would be a different encryption. With VNC's
	encryption, I can't see any reason to establish a new encrypted channel,
	so I would assume it to use the same one.
	
	-----Original Message-----
	From: Singh, Harjit (Mission Systems) [mailto:Harjit.Singh "at" ngc.com]
	Sent: Wednesday, March 30, 2005 12:17
	To: Erik Soderquist; James Weatherall; vnc-list "at" realvnc.com
	Subject: RE: Question
	
	Erik,
	Assuming encryption is used, is the step three encryption link the same as
	the step 5 encryption, or is the encryption link negotiated again for step
	5?
	
	Harjit Singh
	
	        -----Original Message-----
	        From: Erik Soderquist [mailto:esoderquist "at" mcstamp.com]
	        Sent: Wed 3/30/2005 10:37 AM
	        To: James Weatherall; Singh, Harjit (Mission Systems); vnc-list "at" realvnc.com
	        Cc:
	        Subject: RE: Question
	       
	       
	
	        I think this is the idea that is being sought:
	       
	        step 1.) tcp connection established
	        step 2.) authentication method selected/negotiated
	        step 3.) encrypted channel opened
	        step 4.) authentication occurs
	        step 5.) session proceeds (with or without encryption, depending on
	        settings)
	       
	        -----Original Message-----
	        From: vnc-list-admin "at" realvnc.com [mailto:vnc-list-admin "at" realvnc.com]
	        On Behalf Of James Weatherall
	        Sent: Wednesday, March 30, 2005 09:59
	        To: 'Singh, Harjit (Mission Systems)'; vnc-list "at" realvnc.com
	        Subject: RE: Question
	       
	        Harjit,
	       
	        The NT Logon Authentication (Windows Authentication) method should work
	        with any native Windows user authentication mechanism, e.g. NT Domains,
	        Active Directory, LDAP, etc.
	       
	        Regards,
	       
	        Wez @ RealVNC Ltd.
	       
	       
	        > -----Original Message-----
	        > From: vnc-list-admin "at" realvnc.com
	        > [mailto:vnc-list-admin "at" realvnc.com] On Behalf Of Singh,
	        > Harjit (Mission Systems)
	        > Sent: 29 March 2005 18:22
	        > To: James Weatherall; vnc-list "at" realvnc.com
	        > Subject: RE: Question
	        >
	        > James,
	        >
	        > Correct me if I am wrong.  I am assuming first an encrypted
	        > session is set up using asymmetric keys followed by server
	        > authentication and Windows authentication.  Once all the
	        > authentications are performed, it results in secured data
	        > across the link.
	        >
	        > The server authentication for the enterprise version of RealVNC
	        > uses 2048 RSA for the server along with 128 bit encryption for
	        > the link.  In addition, Windows authentication is performed for a
	        > user to validate the user.
	        >
	        > 1.  Could you use the Sun Microsystems LDAP one for Windows user
	        > authentication or not?
	        >
	        >                             Thanks..
	        >
	        > Harjit
	        >
	        >       -----Original Message-----
	        >       From: James Weatherall [mailto:jnw "at" realvnc.com]
	        >       Sent: Tue 3/29/2005 11:47 AM
	        >       To: Singh, Harjit (Mission Systems); vnc-list "at" realvnc.com
	        >       Cc:
	        >       Subject: RE: Question
	        >     
	        >     
	        >
	        >       Harjit,
	        >
	        >       The public/private key exchange *is* the server
	        >       authentication stage, and is used as the bootstrap for
	        >       the secure encrypted session.
	        >
	        >       Please refer to my previous replies to your mailing list
	        >       messages regarding the difference between server
	        >       authentication, and Windows Authentication.
	        >
	        >       Yes, you can safely assume that this is all done securely.
	        >
	        >       Regards,
	        >
	        >       Wez @ RealVNC Ltd.
	        >       
	        >
	        >       > -----Original Message-----
	        >       > From: Singh, Harjit (Mission Systems) [mailto:Harjit.Singh "at" ngc.com]
	        >       > Sent: 29 March 2005 17:07
	        >       > To: James Weatherall; vnc-list "at" realvnc.com
	        >       > Subject: RE: Question
	        >       >
	        >       > James,
	        >       > In the email you sent, when does the process of server
	        >       > authentication take place?  If server authentication takes
	        >       > place first, is that process encrypted?  I am assuming that
	        >       > the private/public key mechanism takes place in the first
	        >       > place, before even server authentication takes place.
	        >       >
	        >       > How is server authentication different than Windows
	        >       > authentication?  Could I safely assume that both server
	        >       > authentication and Windows authentication are performed
	        >       > securely?
	        >       >
	        >       > Will the encrypted link set up in the beginning be the same
	        >       > for data communication between viewer and server?
	        >       >
	        >       > Regards,
	        >       > Harjit Singh
	        >       >
	        >       >
	        >       >
	        >       >       -----Original Message-----
	        >       >       From: James Weatherall [mailto:jnw "at" realvnc.com]
	        >       >       Sent: Tue 3/29/2005 10:52 AM
	        >       >       To: Singh, Harjit (Mission Systems); vnc-list "at" realvnc.com
	        >       >       Cc:
	        >       >       Subject: RE: Question
	        >       >     
	        >       >     
	        >       >
	        >       >       Harjit,
	        >       >     
	        >       >       VNC Enterprise Edition's user authentication phase is
	        >       >       secure because it takes place only after a secure
	        >       >       (encrypted, tamper-proof, etc) connection has been
	        >       >       established between viewer and server.  If session
	        >       >       encryption is not required then it is disabled
	        >       >       immediately that the authentication phase has completed.
	        >       >
	        >       >       The older VNC Password authentication scheme is secure
	        >       >       simply because it uses a challenge-response protocol to
	        >       >       verify the user's password, rather than having to pass
	        >       >       it from viewer to server.
	        >       >     
	        >       >       Regards,
	        >       >     
	        >       >       Wez @ RealVNC Ltd.
	        >       >     
	        >       >     
	        >       >       > -----Original Message-----
	        >       >       > From: vnc-list-admin "at" realvnc.com
	        >       >       > [mailto:vnc-list-admin "at" realvnc.com] On Behalf Of
	        >       >       > Singh, Harjit (Mission Systems)
	        >       >       > Sent: 29 March 2005 15:40
	        >       >       > To: vnc-list "at" realvnc.com
	        >       >       > Subject: Question
	        >       >       >
	        >       >       > I am new to RealVNC and performing a search on it,
	        >       >       > particularly with respect to security issues. I will
	        >       >       > appreciate it if someone could explain the process of
	        >       >       > communication sequentially between RealVNC viewer and
	        >       >       > RealVNC server.  The explanation should start from the
	        >       >       > beginning, when the VNC viewer wants to communicate
	        >       >       > to the server, and cover all the issues with respect
	        >       >       > to authentication and encryption.  I figured from
	        >       >       > previous emails that authentication is secure but
	        >       >       > would like to know what makes it secure.
	        >       >       >
	        >       >       > I will appreciate it if someone could provide their
	        >       >       > telephone number to contact with if possible.
	        >       >       >
	        >       >       > _______________________________________________
	        >       >       > VNC-List mailing list
	        >       >       > VNC-List "at" realvnc.com
	        >       >       > To remove yourself from the list visit:
	        >       >       > http://www.realvnc.com/mailman/listinfo/vnc-list
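
An added illustration, not part of the original thread and not RealVNC's code, of the challenge-response idea described above for the older VNC Password scheme: the server issues a fresh random challenge and the viewer proves knowledge of the password without sending it. The RFB "VNC Authentication" scheme encrypts a 16-byte challenge with DES keyed by the password; this example substitutes HMAC-SHA256 from the Python standard library, and the class, function names and sample passwords are assumptions.

```python
import hashlib
import hmac
import secrets

CHALLENGE_LEN = 16  # classic VNC authentication also uses a 16-byte challenge


def derive_key(password: str) -> bytes:
    # Assumption: stand-in key derivation (RFB uses the password as a DES key).
    return hashlib.sha256(password.encode("utf-8")).digest()


def viewer_response(password: str, challenge: bytes) -> bytes:
    # Viewer side: only this MAC crosses the wire, never the password.
    return hmac.new(derive_key(password), challenge, hashlib.sha256).digest()


class Server:
    def __init__(self, password: str):
        self._key = derive_key(password)
        self._pending = None  # challenge awaiting a response

    def new_challenge(self) -> bytes:
        self._pending = secrets.token_bytes(CHALLENGE_LEN)
        return self._pending

    def verify(self, response: bytes) -> bool:
        # Each challenge is single use: consume it before checking.
        challenge, self._pending = self._pending, None
        if challenge is None:
            return False
        expected = hmac.new(self._key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time compare


def demo():
    # Constructed sample passwords, for illustration only.
    server = Server("constructed-sample-password")
    good = viewer_response("constructed-sample-password", server.new_challenge())
    accepted = server.verify(good)
    server.new_challenge()               # fresh challenge for the next attempt
    replay_accepted = server.verify(good)  # old response, new challenge
    wrong = viewer_response("wrong-guess", server.new_challenge())
    return accepted, replay_accepted, server.verify(wrong)


if __name__ == "__main__":
    print(demo())
```
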